• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The invention proposes an embedded subscriber identity module (eUICC1) cooperating with a terminal (T), said module comprising at least two communication profiles (P) active at the same time so as to allow the communication terminal to communicate with each associated mobile telephone network (R1, R2) to said active communication profiles; a receiving module for receiving, from the terminal (T), a command (CMD) intended for one of the active communication profiles (P), said recipient profile; and a determination module for determining the recipient profile among the active communication profiles from an identifier of the recipient profile included in said command.
    公开号:FR3046010A1
    申请号:FR1563129
    申请日:2015-12-22
    公开日:2017-06-23
    发明作者:Jerome Dumoulin;Tomasz Wozniak
    申请人:Oberthur Technologies SA;
    IPC主号:
    专利说明:

    Background of the invention
    The present invention relates to the field of embedded subscriber identity modules also called eUICC modules (for "Embedded Universal Integrated Circuit Chip"), and more particularly to such eUICC modules able to appropriately manage a plurality of communication profiles. .
    In known manner, a conventional SIM card is configured to allow a communication terminal (such as a mobile phone for example) with which it cooperates to use the communication network of a single telephone operator. To do this, the SIM card includes subscription data such as an IMSI identifier (for "International Mobile Subscriber Identity"), cryptographic keys and algorithms specific to the associated operator. This subscription data is stored permanently in a ROM of the SIM card.
    When a mobile phone tries to use the services of a cellular network, it sends all the subscription data, stored in the SIM card, necessary for the network operator to obtain access to the required services. The operator can thus authenticate the user and check using a HLR database (for "Home Location Register") that he has subscribed to the requested service. If so, the operator then authorizes access to the mobile phone carrying the SIM card whose data has been used for authentication and registration with the operator's network.
    Moreover, we now know the reprogrammable SIM cards, and more particularly the embedded subscriber identity modules or eUICC module. These reprogrammable modules allow a user to change operator without having to physically replace the SIM card in the mobile phone. The main specifications of an eUICC module are defined by the GSMA group (for "Global System for Mobile Communications Association") in the GSMA SGP.02 v3.0 standard entitled "Remote Provisioning Architecture for Embedded UICC - Technicai Specification -
    Version 3.0 "dated June 30, 2015. An eUICC module is a small, secure hardware element that can be integrated into a mobile device to implement the functions of a traditional SIM card.
    In particular, an eUICC module is able to contain several communication profiles (hereinafter also called "profiles"). Each profile is contained in a dedicated secure domain named ISD-P according to said GSMA standard. When a communication profile is active, it allows the mobile phone to securely access the communication network of an associated operator, as well as the services defined by the profile in question. By changing the active communication profile in the eUICC module, it is possible to change operator or modify access to associated services (voice and / or data services for example).
    However, when an eUICC module includes several communication profiles, it is necessary to deactivate one profile when one wishes to activate another one. To do this, the SM-SR server in charge of the lifecycle of the profiles loaded within an eUICC module sends requests via the cellular network to, for example, activate or deactivate the profile in question in the eUICC module.
    When a communication profile is activated in the eUICC module, the operator, who is the owner and responsible for said active communication profile, is generally led, via a remote server, to perform management and / or maintenance operations. content of this active profile. These operations can be, for example, updates of data in the file system of the profile or even, for example, install or uninstall new applications in this active profile.
    There is now a need to improve the management of the communication profile content in an eUICC module cooperating with a communication terminal.
    OBJECT AND SUMMARY OF THE INVENTION To this end, the present invention relates to an embedded subscriber identity module (or eUICC module) adapted to cooperate with a communication terminal, comprising: a plurality of communication profiles, at least two said communication profiles being active at the same time so as to allow the communication terminal to communicate with each mobile telephone network associated with said at least two active communication profiles; - A receiving module for receiving, from the communication terminal, a command for one of the active communication profiles, said recipient profile; and a determination module for determining the recipient profile among the active communication profiles from an identifier of the recipient profile included in said command.
    The present invention makes it possible to determine, for each command received by an eUICC module, the active active communication profile of said command. Thanks to the invention, an eUICC module can thus maintain in the active state a plurality of profiles, each of the profiles being able to receive and process the commands intended for it. In this way, multiple profiles can be activated at the same time and no activation and deactivation requests can be sent from the mobile network operators, thus limiting traffic and network resources.
    According to a particular embodiment, the embedded subscriber identity module comprises a processing module for directing (or sending) the command to said recipient profile. It is thus possible to direct each command to the appropriate active profile.
    According to a particular embodiment, the communication terminal comprises at least one radio interface, at least one of the active communication profiles having access to said at least one radio interface in order to allow the establishment of a communication between the terminal. communication network and the mobile telephone network associated with said active communication profile.
    According to a particular embodiment, said command is an APDU command conforming to the ISO 7816-4 standard, and in which the identifier of the destination profile is included in the CLA class byte defined by the ISO 7816-4 standard.
    According to a particular embodiment, the identifier of the destination profile is coded on the basis of bit 5 of the class byte CLA.
    According to a particular embodiment, bit 5 of class byte CLA can switch between a first state and a second state, the determination module being configured to determine that a first active communication profile in the identity module. on-board subscriber is addressed to said command when bit 5 is in the first state, and to determine that a second active communication profile in the on-board subscriber identity module is destination of said command when bit 5 is in the second state, said first and second active communication profiles being distinct from each other
    According to a particular embodiment, the identifier of the destination profile is coded on the basis of bits 1 and 2 of the class byte CLA.
    According to a particular embodiment, the bits 1 and 2 of the CLA class byte can each switch between a first state and a second state, the determination module being configured to determine the destination profile from the state in which are said bits 1 and 2 in the APDU command. The invention also relates to a device capable of sending a command to an on-board subscriber identity module co-operating with a communication terminal, the device comprising: a sending module for sending the command to one of a plurality of active communication profiles at the same time in the on-board subscriber identity module, each active communication profile allowing the communication terminal to communicate with a respective mobile network; and a processing module configured to include, before sending the command, an identifier of an active communication profile that is the recipient of said command.
    The device may for example be the terminal itself or a remote content management server, said terminal and the server being in accordance with GSMA SGP.02 v3.0 standards (referred to as "GSMA standard" in this disclosure). As referenced in the GSMA standard, the following standards can be used to manage the content of active profiles within the scope of the invention: ETSITS 102 225 "Securedpacket structure for UICC based applications" release 12 and / or ETSI TS 102 226 "Remote APDU structure for UICC based applications »release 9 and / or GlobalPlatform Card Specification v.2.2 Amendment B: Remote Application Management over http vl.1.3.
    The various embodiments defined above with reference to the embedded subscriber identity module apply by analogy to the device of the invention. The invention also relates to a system comprising: an on-board subscriber identity module as defined above; a communication terminal cooperating with the onboard subscriber identity module; and - at least one device as defined above.
    According to one embodiment, the invention is implemented by means of software and / or hardware components. In this context, the term "module" may correspond in this document as well to a software component, a hardware component or a set of hardware and software components. The invention further relates to a signal transmitted by a device to an on-board subscriber identity module cooperating with a communication terminal, said embedded subscriber identity module comprising a plurality of active communication profiles, each active communication profile. authorizing the termina! communication system to communicate with a respective mobile telephone network, wherein the signal carries a command comprising an identifier of a communication profile recipient of said command among said active communication profiles.
    Correlatively, the invention proposes a method of processing implemented by an embedded subscriber identity module (or module ellICC) cooperating with a communication terminal, comprising steps of: - maintaining in the activated state of at least two communication profiles, called active communication profiles, at the same time so that each active communication profile allows the communication terminal to communicate with a respective mobile network associated with said communication profile; receiving, from the communication terminal, a command intended for one of the active communication profiles, referred to as the recipient profile; and determining the recipient profile among the active communication profiles from an identifier of the recipient profile included in said command.
    The various embodiments defined above with reference to the on-board subscriber identity module apply by analogy to the processing method of the invention. The invention also proposes a sending method implemented by a device for sending a command to an on-board subscriber identity module cooperating with a communication terminal, the method comprising steps of: - inclusion, in a command, an identifier of a recipient communication profile among a plurality of active communication profiles at the same time in the on-board subscriber identity module, each active communication profile allowing the on-board subscriber identity module to communicate, via the communication terminal, with a respective mobile network; and - sending said command to the communication terminal destined for the recipient communication profile among the plurality of active profiles in the on-board subscriber identity module.
    The device may for example be the terminal itself or a remote content management server conforming to GSMA standards SGP.02 v3.0 and / or ETSI TS 102 225 "Secured packet structure for UICC based applications" release 12 and / or ETSI TS 102 226 "Remote APDU structure for UICC based applications" release 9 and / or GlobalPlatform Card Specification v.2.2 Amendment B: Remote Application Management over http vl.1.3.
    In a particular embodiment, the different steps of the processing method and the sending method are determined by computer program instructions.
    Accordingly, the invention also relates to a computer program on an information carrier (or recording medium), this program being capable of being implemented in an embedded subscriber identity module, in a device , or more generally in a computer, this program comprising instructions adapted to the implementation of the steps of a method of treatment or a method of sending as defined above.
    This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other form desirable shape. The invention also provides a computer-readable information carrier (or recording medium), and including instructions of a computer program as mentioned above.
    The information carrier may be any entity or device capable of storing the program. For example, the medium may comprise storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or a magnetic recording medium, for example a floppy disk or a disk. hard. On the other hand, the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means. The program according to the invention can be downloaded in particular on an Internet type network.
    Alternatively, the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
    BRIEF DESCRIPTION OF THE DRAWINGS Other features and advantages of the present invention will emerge from the description given below, with reference to the accompanying drawings which illustrate embodiments having no limiting character. In the figures: FIG. 1 schematically represents an on-board subscriber identity module cooperating in a known manner with a terminal; FIG. 2 schematically represents a terminal, an on-board subscriber identity module and servers according to a particular embodiment of the invention; - Figures 3A and 3B schematically show two embodiments of the terminal; FIGS. 4 and 5 schematically represent modules implemented respectively in the on-board subscriber identity module of FIG. 2 and in a server represented in FIG. 2, in accordance with a particular embodiment of FIG. invention; FIG. 6 represents, in the form of a diagram, the main steps of a processing method and the main steps of a sending method, according to a particular embodiment of the invention; FIG. 7 diagrammatically shows the use of certain bits of the CLA class byte of an APDU command, according to particular embodiments of the invention; and FIG. 8 represents, in the form of a diagram, the main steps of a processing method and the main steps of a sending method, according to a variant of the embodiment illustrated in FIG. 6.
    Detailed description of embodiments
    As already indicated, the proposed invention relates to embedded subscriber identity modules (also called "eUICC modules") and more particularly relates to the use of such modules to simultaneously manage several communication profiles in cooperation with a communication terminal. .
    Today, the GSMA SGP.02 v3.0 standard (hereafter called "GSMA standard") imposes a constraint in the sense that only one profile at a time can be active in an eUICC module. In other words, the GSMA standard prohibits the case where several communication profiles would be active at the same time in an eUICC module.
    However, in particular in order to solve the problems mentioned above and to improve the management of communication profiles in an eUICC module, the present invention proposes to allow a plurality of profiles to be active at the same time in an eUICC module.
    Here, by "active" profile, or "active" profile, it is understood that a communication profile is activated in the eUICC module in order to allow the communication terminal (with which the eUICC module cooperates) to communicate with the telephony network associated with the profile in question. According to the GSMA standard, a profile (or the ISD-P secure domain in which it is contained) is said to be "active" (ENABLE) when its state parameter, called "life cycle", is set to state "3F" . Still according to the GSMA standard, a profile is on the contrary called "inactive" (DISABLE) when its "life cycle" state parameter is set to the "IF" state.
    As explained in more detail later, a communication profile can be active without having access to the radio interface of the communication terminal. Access to this radio interface may in certain cases be limited particularly when there are not as many radio interfaces in the communication terminal as active profiles at the same time in the eUICC module. An active profile only allows communication between the communication terminal and the mobile network associated with the profile to be established when the latter has access to the radio resource of the communication terminal.
    In conventional eUICC modules, the fact that only one profile can be active at a given time has the consequence that it is not possible to use several mobile phone subscriptions simultaneously, as is possible for example in a telephone DUAL SIM using two separate SIM cards at the same time.
    To simultaneously use several subscriptions in the same communication terminal, one solution could be to integrate several eUICC modules in the same communication terminal. Such an approach, however, presents significant constraints in terms of cost and manufacturing in particular.
    FIG. 1 represents a conventional eUICC module 4 capable of cooperating with a communication terminal 2 to enable a user to communicate with a mobile telephone network 22. In this example, the operating system 6 (or OS) of the eUICC module 4 is able to use the communication profiles 8 and 10. In accordance with the GSMA standard indicated above, only one of the profiles 8 and 10 can be active at a given moment. The eUICC module 4 is able to communicate with the terminal 2 via a physical link of the ISO 7816 type. The radio interface 16 of the terminal 2 is capable of transmitting and receiving radio communications with the outside via, for example, an antenna ( not shown). The only profile (8 or 10) that is active in the eUICC module 4 has access (via the operating system of the terminal 2) to the radio interface 16 via the link 12 so as to allow the establishment a communication 13, which may be of a given type (data) and / or voice (voice) between the terminal 2 and the mobile telephone network 22 associated with the profile in question.
    As indicated above, the present invention provides the possibility of having a plurality of active profiles at the same time in an eUICC module. This approach, however, presents a difficulty in the sense that there is no solution today allowing an eUICC module, in which several profiles would be able to be active at the same time, to manage appropriately orders received since outside the communication terminal to one or the other of the active profiles.
    In particular in order to solve the problems mentioned above, and in order to improve the management of the communication profiles in an eUICC module, the present invention proposes to allow an eUICC module to determine the active recipient profile of each command received via the terminal. Communication. To do this, the invention provides the inclusion, in each command sent to the eUICC module to a communication profile, an identifier of the active profile recipient of said command. The eUICC module is thus able, from this identifier, to determine the recipient profile and may advantageously direct the command to the recipient profile thus determined.
    As explained later, various embodiments and variants may be envisaged within the scope of the invention. In particular, various types of identifier to be included in the commands can be envisaged to identify the active recipient profile in the eUICC module.
    Unless otherwise indicated, the elements common or similar to several figures bearing the same reference signs and having identical or similar characteristics, so that these common elements are not generally again described for the sake of simplicity.
    FIG. 2 schematically represents the structure of an eUICC module (denoted eUICCl) capable of cooperating with a communication terminal T to allow access to a mobile telephone network R. The eUICCl module is, for example, soldered or integrated in the terminal T.
    In the embodiment described here, the terminal T is a mobile terminal such as a mobile phone, for example, other implementations are however conceivable within the scope of the invention.
    In the embodiment described here, the mobile terminal T can use the eUICCl module to securely access the network RI and the network R2 (collectively called R), as well as the services provided by the associated telephony operator MNO1, MN02 (more generally called MNO for "Mobile Network Operator").
    In this particular embodiment, the mobile terminal T includes an OS2 operating system capable of controlling in particular an INT radio interface. As represented in FIG. 3A, this radio interface INT comprises, for example, in a known manner, a radio transceiver unit 30 coupled to an antenna 32. As explained later with reference to FIG. 3B, it is also possible to envisage the presence in the terminal. T of a plurality of radio interfaces.
    In the embodiment described here, the eUICCl module comprises an OS1 operating system (stored in a non-volatile memory, a read-only memory or Flash for example) coupled to a rewritable non-volatile memory MR.
    The OS1 operating system comprises a number of modules which will be described in more detail later with reference to FIG. 4.
    The OS1 operating system is an example of a computer program within the meaning of the invention, this program comprising instructions for executing the steps of a processing method according to a particular embodiment of the invention. The memory in which the operating system OS1 is thus constitutes an example of a recording medium within the meaning of the invention, readable by a processor (not shown) of the eUICCl module.
    As represented in FIG. 2, the nonvolatile memory MR of the eUICCl module also comprises a privileged security domain ISD-R, as well as secondary security domains ISD-P noted in this example ISD-P1 and ISD-P2. Each security domain (or secure domain) is a secure compartment of the eUICCl module. It will be understood that the particular embodiment envisaged here is only a non-limiting example of implementation of the invention, the number of ISD-P domains can in particular be adapted according to the use case.
    The ISD-R security domain is preferred in that it is in particular able to create, delete, activate or deactivate ISD-P secondary security domains in the non-volatile memory MR.
    Each ISD-P secondary security domain is able to contain a single communication profile P (or operational profile) associated with a particular MNO telephony operator. Each profile P is thus contained in an ISD-P security domain which is dedicated to it. In known manner, a communication profile P comprises subscription data (eg identifiers (IMSI etc.), cryptographic keys, algorithms (eg authentication), etc.) and may further comprise a file system, applications, or predetermined rules of execution. In the example envisioned here, the P profiles conform to the GSMA standard.
    More particularly, in the example described here, the secondary security domain ISD-P1 comprises a communication profile PI allowing, when active, the terminal T to communicate with a first mobile network RI associated with the telephony operator. MNOl. The ISD-P1 security domain may further comprise APP1 applications specific to the MNO1 operator to which the user has subscribed. Alternatively, the APP1 applications defined for the PI profile can be contained in the PI profile itself.
    Similarly, the secondary security domain ISD-P2 includes a P2 communication profile allowing, when active, the terminal T to communicate with a second mobile network R2 associated with a second MN02 operator. The ISD-P2 security domain may further include MN02-specific APP2 applications to which the user has subscribed. Alternatively, the APP2 applications defined for the P2 profile can be contained in the P2 profile itself.
    In the embodiment described here, the eüICCl module is able to maintain a plurality of communication profiles P (namely PI and P2 in this example) in the active state at the same time.
    The eUICCl module is also able to communicate, via the terminal T (and in particular its radio interface INT), securely with a remote server SM-SR (for "Subscription Manager-Secure Routing") belonging to both the IN network and the R2 network.
    The communication between the eUICCl module and the terminal T is performed in this example via an L link compliant with the ISO 7816 standard (as defined more particularly according to ISO 7816-3 and ISO 7816-4).
    In this particular embodiment, the network RI comprises a remote content management server SRI allowing the MNO1 operator to manage the content of the PI profile in the eUICCl module. Likewise, the network R2 comprises a remote content management server SR2 enabling the operator MN02 to manage the content of the profile P2 in the eUICCl module. Once the PI and P2 profiles activated within the eUICCl module, MNOl and MN02 operators can use their respective server SRI, SR2 to perform application or file management operations within the associated active profile.
    These remote servers SRI, SR2 are for example RAM servers for "Remote Application Management" or RFM type for "Remote File Management".
    The management of the profile content (applications and / or files) allows, within a profile, for example and without limitation, to install new applications, to update files, to uninstall applications, to create files, delete files, ...
    In this embodiment, to carry out the management of the PI profile (respectively P2), the remote content management server SRI (respectively SR2) is able to send, via the network RI (respectively R2) and the terminal T, commands specific to the PI profile (respectively P2) in the eUICCl module. These specific commands, called content management commands, make it possible to manage the files and / or the applications of the PI profile (respectively P2) targeted in the eUICCl module. These specific commands may, for example, and in a non-exhaustive manner, include the APDU commands "update record", "delete file", "update binary", "install install", "select file", ... known to the man of career. Each remote server SRI, SR2 can thus use the INT radio interface of the terminal T to reach a target active profile in the eUICCl module.
    In the exemplary embodiment described here, the server SRI implements an OS3 operating system. The OS3 operating system is an example of a computer program within the meaning of the invention, this program comprising instructions for executing the steps of a sending method according to a particular embodiment of the invention. The memory (not shown) in which the OS3 operating system is located is an example of a recording medium within the meaning of the invention, readable by a processor (not shown) of the remote content management server.
    It will be understood that the remote content management server SR2 has a structure and operation similar to those of the server SRI so that the server SR2 will not be described in detail in this disclosure.
    In the example considered here, the content management server SRI is able to send content management CMD commands to the terminal T to one of the communication profiles P that are in the active state and under his responsibility in the eUICCl module. In order to receive and process a CMD command, a communication profile P must be active. In this example, the ISD-R security domain is able to activate a profile P in response to an activation command sent by the SM-SR server.
    The CMD commands that can be received by a profile P when it is active can, for example, be APDU type.
    As represented in FIG. 2, in this example, the operators MNO1 and MN02 are each able to communicate with a respective SM-DP server (or more generally a device), named here respectively SM-DP1 and SM-DP2. In addition, the MNO1 and MN02 operators here each have access to a respective database (DB1 and DB2) each containing subscription information in particular. In particular, the use of the servers SM-DP1, SP-DP2 and databases DB1, DB2 is not necessary to implement the invention.
    The servers SM-DP1 and SM-DP2 are each capable of transmitting to the SM-SR server commands for creating profiles (creation of an ISD-P domain ...) and initial data to be loaded into a profile. On the other hand, in accordance with the invention, the eUICCl module is able to receive the CMD commands originating from the remote content management servers SRI, SR2 and to direct them to the active communication profile P that is the recipient of the said CMD command. among a plurality of active profiles in the eUICCl module.
    The eUICCl module, the terminal T and the content management servers SRI and SR2 together form a SY system.
    It will be understood that certain elements generally present in an eUICC module, in a communication terminal T or in an SM-SR server or in a content management server have been deliberately omitted because they are not necessary for the understanding of the present invention. . In addition, the skilled person will understand that certain elements are described here to facilitate the understanding of the invention although they are not mandatory or directly involved in the implementation of the invention.
    As indicated above with reference to FIG. 3A, the terminal T may comprise a single INT radio interface. In this case, only one of the active profiles P in the eUICCl module can allow, at a given instant, the establishment of a communication between the terminal T and the mobile network R. In this case, when the profiles PI and P2 are active at the same time, only one of the two profiles P is able to establish a communication with the network of the associated MNO operator.
    However, the inclusion in the terminal T of a plurality of INT radio interfaces can be envisaged. FIG. 3B represents, for example, an embodiment according to which the terminal T comprises a switch 34 able to wiggle the communications between the module EUICC1 and two radio interfaces INTA and INTB of the terminal T. The radio interface INTA (respectively INTB) here comprises a radio transmitting / receiving unit 36A (respectively 36B) coupled to an antenna 38A (respectively 38B). According to this embodiment, the switch 34 can direct each CMD command received by one of the INTA, INTB radio interfaces to the eUICCl module. When a channel between the eUICCl module and a radio interface is used, the other channel between the eUICCl module and the other radio interface is not available.
    As already indicated, a communication profile P which is active in the eUICCl module is able to establish a communication between the terminal T and an associated mobile network R only when this profile P has access to the radio resources of the terminal T (c ' ie at the radio interface).
    According to a particular embodiment, the terminal T is able to multiplex in time the data sent or received by different profiles P in the eUICCl module.
    As represented in FIG. 4, the OS1 operating system of the eUICCl module implements in this example a certain number of modules, namely: a reception module M2, a determination module M4 and a processing module M6.
    More particularly, the reception module M2 is able to receive, from the communication terminal T, a command denoted CMD intended for one of the communication profiles P, called the recipient profile, which is active in the eUICCl module.
    The determination module M4 is configured to determine the recipient profile among the active communication profiles P from an identifier of the recipient profile included in each received CMD command.
    In addition, in this example, the processing module M6 is configured to direct each received CMD command to the destination profile determined by the determination module M4.
    It will be understood that the above definition of the modules M2, M4 and M6 is only a non-limiting embodiment of the invention. At least two of these modules can in particular form a single module implemented in the eUICCl module.
    As represented in FIG. 5, the operating system OS3 of the content management server SRI sets, in this example, an processing module M10 and an sending module M12.
    More particularly, the processing module M10 is configured to include, in a command CMD to send to the eUICCl module, an identifier of a communication profile P recipient of the command CMD.
    The sending module M12 is also configured to send to the eUICCl module the CMD command comprising said identifier, said CMD command being destined for said destination profile.
    Since the content management server SR2 is identical to the SRI content management server, it will not be described in more detail in this presentation.
    It will be understood that the above definition of the modules M10 and M12 is only a non-limiting embodiment of the invention. At least two of these modules may in particular form a single module implemented in the content management server.
    A particular embodiment of the invention, implemented in particular by the eUICCl module and by the remote content management server SRI, is now described with reference to the diagram of FIG. 6. To do this, the eUICCl module executes the operating system OS1 to implement a processing method according to a particular embodiment, and the content management server SRI executes the OS3 operating system to implement a sending method according to an embodiment particular.
    It is assumed here that the communication profiles PI and P2 were previously activated in the module eUICCl. In this example, each profile activation is for example carried out by the privileged security domain ISD-R in response to an activation request sent by the SM-SR server associated with the profile P in question. It is assumed that the module ellICCl maintains (A2) in the active state the profiles PI and P2 in the following of this example of the processing method.
    During a generation step C4, the SRI content management server generates a CMD command for the active PI communication profile in the eUICCl module. This CMD command is for example of the APDU type compliant with the ISO 7816-4 standard.
    In a particular example, the CMD command is an envelope type APDU command, which can contain at least one command (update of a file ...) to an active profile in the eUICCl module.
    During an inclusion step C6, the content management server SRI includes, in the CMD command, a identifier ID of the profile P that is the recipient of the said CMD command (namely the profile PI in this example). As indicated later, this identifier ID can take various forms depending on the use case.
    During a sending step C8, the content management server SRI sends the terminal T the CMD command with the identifier ID. Once received (B8), the terminal T transfers (B10) to the eUICCl module the CMD command, to the profile P identified by the identifier ID.
    The eUICCl module receives the CMD command during a reception step A10.
    The eUICCl module then determines (A12), from the identifier ID included in the CMD command, the active P profile destination of the CMD command.
    During a sending step A14, the eUICCl module sends the CMD command to the destination profile P determined in step A12. The eUICCl module is thus able to direct a received command to the appropriate active P profile.
    In response to the received CMD command, the recipient P profile performs the appropriate processing A16 relating to the received command.
    In this embodiment, the inclusion steps C6 and send C8 are performed by the modules M10 and M12, respectively, of the content management server SRI. Likewise, the reception steps A10, determination A12 and sending A14 are carried out respectively by the modules M2, M4 and M6.
    The content management server SR2 may be configured to implement the sending method of the invention in the same manner as the remote server SRI.
    According to a particular embodiment, the CMD command sent to C8 by the SRI content management server and processed by the eUICCl module is an APDU command compliant with the ISO 7816-4 standard.
    As indicated above, the identifier ID of the active profile recipient of the CMD command can take different forms, depending on the use case.
    According to a particular embodiment, the identifier ID of the destination profile is included in the CLA class byte of the CMD command, as defined by the ISO 7816-4 standard.
    FIG. 7 schematically represents the state of the CLA class byte bits of the CMD command according to various embodiments.
    According to a particular embodiment, the identifier ID of the destination profile is coded on the basis of the bit 5 (denoted b5) of the class byte CLA of the command CMD. In other words, the SRI content management server is configured to format the CMD command to be sent to the terminal T by coding the identifier ID using the CLA class byte bit 5 of the CMD command. In accordance with ETSI 102221, bit 5 of the CLA class byte has no predefined use. The invention therefore proposes, in this particular embodiment, advantageously using this bit 5 of the CLA byte in order to identify the active P profile which is the destination of the command in question.
    According to a particular embodiment, the bit 5 of CLA class byte of a CMD command can switch between a first state 'O' and a second state'l ', the determination module M4 being configured to determine that the first active communication profile PI in the module eUICCl is the destination of a CMD command when the bit b5 is in the state Ό ', and for determining that the second active communication profile P2 is the destination of the command CMD when the bit b5 is in state Ί ', said active profiles PI and P2 being distinct from each other. The use of bit 5 advantageously makes it possible to differentiate the traffic entering the module eUICCl, to either a first profile PI or a second profile P2. Note however that only one bit is used here (this bit can only take states Ό 'and '10 so that it is not possible to differentiate more than two different active profiles.
    This embodiment has the particular advantage that it is possible to use two active profiles P simultaneously by giving each profile P access to an INTA radio interface, INTB as shown in FIG. 3B. If, on the other hand, only one radio interface INT is available in the terminal T (as represented in FIG. 3A), only the active profile P having access to the radio interface INT at a given instant is able to establish a communication between the terminal T and the mobile network (RI or R2) associated with said profile.
    Note, however, that according to the ISO 7816 standard, bit 5 can be used for the "command chaining control" function, when this function is supported by the eUICC module. Also, when bit 5 of the CLA byte is used to identify the recipient P profile, the "command chaining control" function can not be used.
    Moreover, in the embodiment described above, it is the content management servers SRI, SR2 that implement the sending method of the invention. However, it will be understood that the method of sending the invention can be realized by another entity depending on the particular case.
    According to a particular embodiment, the inclusion of the identifier ID of the recipient active profile is performed by the terminal T after receiving the command. In other words, it is the terminal T which implements the sending method according to the invention, in which the terminal T included in a CMD command an identifier ID of an active profile receiving the command within the eUICCl module. . This identifier ID is for example coded using bit 5 of the CLA class byte of the CMD command. Once the inclusion has been completed, the terminal T sends the command comprising the identifier ID to the eUICCl module so that the latter orders the order towards the destination profile from the identifier ID.
    As represented for example in FIG. 2, when an active profile P of the module eUICC1 communicates with the terminal T, it does so via the ISO interface 7816 represented by the link L. According to the ISO standard 7816, 4 different logical channels can normally be used to communicate between the eUICCl module and the terminal T, the used logical channel being identified in each APDU command with bits 1 and 2 of the CLA class byte. An active profile P receiving an APDU command can thus be aware of the logical channel used by the transmission via the link L.
    As shown in FIG. 7, CHO, CH1, CH2 and CH3 denote the 4 logical channels normally available through the link L between the eUICCl module and the terminal T.
    A variant of the embodiment described above with reference to FIG. 6 is now described with reference to FIG. 8. According to this variant, the sending method is carried out by the terminal T and not by the SRI content management server. or SR2.
    According to this particular embodiment, the content management server SRI generates (C4) a CMD command as described above with reference to FIG. 6. The content management server SRI then sends (C8) the CMD command to the terminal T.
    The terminal T receives the command CMD during a reception step B8. The terminal T included (B30) then, in the CMD command received, an identifier ID of the active profile P recipient of the CMD command within the eUICCl module.
    In this embodiment, the identifier ID of the destination profile of the CMD command is coded on the basis of bits 1 and 2 of the CLA class byte of said command (FIG. 7). In other words, the terminal T is configured to format the CMD command received from the SRI content management server by encoding the identifier ID using bits 1 and 2 of the class byte CLA. This particular mode therefore advantageously uses the two bits b1 and b2 normally dedicated to the identification of the logical channel used in the link L, to identify this time the active profile P recipient of an APDU command. In this particular embodiment, the terminal T allocates one or more combinations of the states of bits 1 and 2 (CHO to CH3) to the same profile P.
    According to a particular embodiment, the bits 1 and 2 of the CLA class byte of a CMD command can each switch between a first state Ό 'and a second state Ί', the determination module M4 being configured to determine the recipient profile P from the state in which said bits 1 and 2 are in the CMD command.
    According to a particular embodiment, the terminal T is configured to always allocate the same logical channel (s) to the same active profile in the eUICC module. In other words, each active profile in the eUICC module is always assigned the same logical channel (s) by the terminal T (for example the CHO channel for a PI profile and the CH1 and CH2 channels for the P2 profile). According to an alternative embodiment, the terminal is configured to allocate the logical channels dynamically to the active profiles. The use of bits 1 and 2 of the class byte CLA in the context of the invention is advantageous in that it is possible to identify if necessary more than two distinct recipient profiles P. In addition, this embodiment allows the use of the "command chaining control" function according to the GSMA standard.
    As represented in FIG. 8, the terminal T sends (B10) then, to the module eUICCl, the command CMD comprising the identifier ID of the active profile P recipient. The eUICCl module receives the CMD command during a reception step A10 and performs the steps A12, A14 and A16 as already described above with reference to FIG. 6.
    According to a particular embodiment, the eUICCl module is capable of interpreting the identifier ID of the destination profile on the basis of bit 5 of the class byte CLA in accordance with the ISO 7816-4 standard and / or on the basis of the bits 1 and 2 CLA byte according to ISO 7816-4.
    The present invention makes it possible to direct each command received by an eUICC module to the appropriate active communication profile. Thanks to the invention, an eUICC module can thus maintain a plurality of profiles in the active state. In this way, multiple profiles can be enabled at the same time and no activation and deactivation requests can be sent from mobile SM-SR servers, limiting traffic and network resources.
    The present invention makes it possible, for example, to use in an eUICC module a first subscription (linked to a first profile) to perform a "voice" type communication, and to simultaneously use a second subscription (linked to another profile) to realize a "data" type communication. Other hybrid uses of several active profiles at the same time are possible within the scope of the invention, for example: - use different subscriptions depending on the time of day, - use different subscriptions depending on whether call on the terminal is incoming or outgoing, or alternatively - use different subscriptions depending on whether a call is national or international.
    Those skilled in the art will understand that the embodiments and variants described above are only non-limiting examples of implementation of the invention. In particular, those skilled in the art may consider any adaptation or combination of the embodiments and variants described above to meet a particular need.
    权利要求:
    Claims (16)
    [1" id="c-fr-0001]
    An on-board subscriber identity module (eUICCl) adapted to cooperate with a communication terminal (T), comprising: a plurality of communication profiles (P), at least two of said communication profiles being active at the same time; so as to allow the communication terminal to communicate with each associated mobile network (RI, R2) to the at least two active communication profiles; - a receiving module (M2) for receiving, from the communication terminal (T), a command (CMD) for one of the active communication profiles (P), said destination profile; and a determination module (M4) for determining the recipient profile among the active communication profiles from an identifier of the recipient profile included in said command.
    [2" id="c-fr-0002]
    An on-board subscriber identity module according to claim 1, comprising a processing module (M6) for directing the command to said recipient profile.
    [3" id="c-fr-0003]
    An on-board subscriber identity module according to claim 1 or 2, wherein the communication terminal (T) comprises at least one radio interface (INT), at least one of the active communication profiles having access to said least one radio interface to allow the establishment of a communication between the communication terminal and the mobile network (RI, R2) associated with said active communication profile.
    [4" id="c-fr-0004]
    An on-board subscriber identity module according to any one of claims 1 to 3, wherein said command is an APDU command conforming to ISO 7816-4, and wherein the identifier (ID) of the destination profile is included in the CLA class byte defined by ISO 7816-4.
    [5" id="c-fr-0005]
    An on-board subscriber identity module according to claim 4, wherein the identifier of the destination profile is encoded on the basis of bit 5 of CLA class byte.
    [6" id="c-fr-0006]
    An on-board subscriber identity module according to claim 5, wherein bit 5 of the CLA class byte can switch between a first state and a second state, the determination module being configured to determine that a first profile of active communication in the on-board subscriber identity module is addressed to said command when bit 5 is in the first state, and for determining that a second active communication profile in the on-board subscriber identity module is addressed to said command when bit 5 is in the second state, said first and second active communication profiles being separate from each other.
    [7" id="c-fr-0007]
    The on-board subscriber identity module according to claim 4, wherein the identifier of the destination profile is encoded on the basis of bits 1 and 2 of the CLA class byte.
    [8" id="c-fr-0008]
    The on-board subscriber identity module according to claim 7, wherein the CLA class byte bits 1 and 2 can each switch between a first state and a second state, the determination module (M4) being configured to determining the destination profile from the state in which said bits 1 and 2 are in the APDU command.
    [9" id="c-fr-0009]
    9. Device (SRI; T) capable of sending a command (CMD) to an on-board subscriber identity module (ellICCl) cooperating with a communication terminal (T), the device comprising: a sending module (M12) ) to send the command to one of a plurality of active communication profiles (P) at the same time in the on-board subscriber identity module, each active communication profile allowing the communication terminal to communicate with a network respective mobile telephony (RI, R2); and a processing module (M10) configured to include, before sending the command, an identifier of an active communication profile that is the recipient of said command.
    [10" id="c-fr-0010]
    The device of claim 9, wherein said device is the terminal (T) or a remote content management server conforming to GSMA SGP.02 v3.0.
    [11" id="c-fr-0011]
    11. System comprising: - an embedded subscriber identity module (eUICCl) according to any one of claims 1 to 8; a communication terminal cooperating with the onboard subscriber identity module; and - at least one device (SRI) according to claims 9 or 10.
    [12" id="c-fr-0012]
    12. Signal transmitted by a device (SRI; T) to an on-board subscriber identity module (eUICCl) cooperating with a terminal, said embedded subscriber identity module comprising a plurality of active communication profiles (P), each active communication profile authorizing the communication terminal to communicate with a respective mobile telephone network (RI, R2), in which the signal carries a command (CMD) comprising an identifier (ID) of a communication profile which is addressed to said command among said active communication profiles.
    [13" id="c-fr-0013]
    13. Processing method implemented by an embedded subscriber identity module (eUICC) cooperating with a communication terminal (T), comprising steps of: - maintaining (A2) in the activated state of at least two communication profiles (P), so-called active communication profiles, at the same time so that each active communication profile allows the communication terminal to communicate with a respective mobile network (RI, R2) associated with said communication profile ; - receiving (A10) from the communication terminal (T), a command (CMD) for one of the active communication profiles (P), said destination profile; and determining (A12) the recipient profile among said active communication profiles from an identifier (ID) of the recipient profile included in said command.
    [14" id="c-fr-0014]
    14. A sending method implemented by a device (SRI; T) for sending a command (CMD) to an on-board subscriber identity module (eUICCl) cooperating with a communication terminal (T), comprising steps of : - including (C6; B30), in a command (CMD), an identifier (ID) of a recipient communication profile among a plurality of active communication profiles (P) at the same time in the identity module on-board subscriber, each active communication profile allowing the embedded subscriber identity module to communicate, via the communication terminal, with a respective mobile network (RI, R2); and - sending said command to the communication terminal (T) destined for the recipient communication profile (P) among the plurality of active profiles in the on-board subscriber identity module.
    [15" id="c-fr-0015]
    A computer program (OS1; OS2; OS3) comprising instructions for executing the steps of a method according to claim 13 or 14 when said program is executed by a computer.
    [16" id="c-fr-0016]
    Computer readable recording medium on which a computer program (PG1; PG2) is recorded including instructions for performing the steps of a method according to claim 13 or 14.
    类似技术:
    公开号 | 公开日 | 专利标题
    EP3117640B1|2018-08-29|Embedded subscriber identity module capable of managing communication profiles
    EP3542563B1|2020-11-11|Installation of a profile in an embedded subscriber identity module
    EP3395089B1|2019-11-27|Embedded subscriber identity module comprising communication profiles
    CA2243530A1|1999-02-14|Improved process for the loading of a predetermined list of items by a mobile terminal driven by a subscriber identification module, with the corresponding command, subscriber identification number and mobile terminal
    EP3395090B1|2020-05-13|Method for controlling an embedded subscriber identity module
    EP3072322B1|2020-01-01|Notification method for configuring a secure element
    FR2983027A1|2013-05-24|METHOD FOR SELECTING AN APPLICATION IN A TERMINAL, AND TERMINAL USING THE SAME
    FR3034611A1|2016-10-07|METHOD FOR CONFIGURING A CARD OF THE EUICC TYPE
    EP3195638B1|2018-07-04|Method for administering life cycles of communication profiles
    WO2015092307A1|2015-06-25|Method for testing and updating the system of a terminal by means of a subscriber identity module and associated devices
    EP3648490A1|2020-05-06|Management of subscriber profiles simultaneously active in an euicc card using a plurality of separate links
    EP3531729A1|2019-08-28|Configuration of an on-board subscriber identity module
    EP3278542B1|2019-01-02|System and method for executing an application on a terminal provided with a chip card
    EP3917184A1|2021-12-01|Method and devices for management of communication profiles
    EP2018783A1|2009-01-28|Method of determining associations between priority information and group call categories of a group call service deployed on a mobile telephone network
    FR3002408A1|2014-08-22|Method for configuring supply profile of terminal e.g. mobile phone, by embedded universal integrated circuit card, involves obtaining and storing identifier of current supply profile compatible with current use region of terminal
    FR3099258A1|2021-01-29|Dynamic adaptation of a secure element execution environment to profiles
    WO2021130440A1|2021-07-01|Method for configuring a user device, user device, and rule management entity
    FR3087079A1|2020-04-10|SUBSCRIBER IDENTIFICATION CARD FOR A MOBILE TERMINAL
    FR3094863A1|2020-10-09|A method of simultaneously communicating data by a cellular device.
    同族专利:
    公开号 | 公开日
    US20190007082A1|2019-01-03|
    EP3395089A1|2018-10-31|
    JP6812444B2|2021-01-13|
    US10833715B2|2020-11-10|
    CN108702613A|2018-10-23|
    FR3046010B1|2019-05-17|
    CN108702613B|2021-09-21|
    ES2774032T3|2020-07-16|
    EP3395089B1|2019-11-27|
    WO2017109381A1|2017-06-29|
    JP2019504553A|2019-02-14|
    KR20180096658A|2018-08-29|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    EP2884712A1|2013-12-12|2015-06-17|Gemalto SA|Method of managing communication between a secure element and a host device|
    US20150349826A1|2014-05-30|2015-12-03|Apple Inc.|SUPPORTING SIM TOOLKIT APPLICATIONS IN EMBEDDED UICCs|
    US20150350878A1|2014-05-30|2015-12-03|Apple Inc.|Electronic subscriber identity module selection|
    US20040185888A1|2003-03-18|2004-09-23|Nokia Corporation|Solving mobile station identity in a multi-SIM situation|
    US20080163201A1|2006-12-29|2008-07-03|Fabrice Jogand-Coulomb|Apparatuses for launching a program application|
    SE532568C2|2009-04-09|2010-02-23|Smarttrust Ab|Method of identifying a mobile phone|
    CN101835281A|2010-02-24|2010-09-15|中兴通讯股份有限公司|Method for carrying out data interaction with subscriber identification card and mobile terminal|
    US20140344922A1|2013-05-17|2014-11-20|Fixmo, Inc.|Multi-profile mobile device interface for same user|
    CN103533634A|2013-10-25|2014-01-22|中国联合网络通信集团有限公司|Profile activation system, eUICC and profile activation method of eUICC|
    EP2908561A1|2014-02-18|2015-08-19|Gemalto SA|Method of managing several profiles in a secure element|
    US20150296369A1|2014-04-14|2015-10-15|Qualcomm Incorporated|Handling of Subscriber Identity Module Cards with Multiple Profiles|
    EP3136252A4|2014-05-23|2017-05-10|Huawei Technologies Co. Ltd.|Euicc management method, euicc, sm platform and system|US10477384B2|2018-02-28|2019-11-12|T-Mobile Usa, Inc.|ESIM profile state change|
    CN110535814A|2018-05-25|2019-12-03|中兴通讯股份有限公司|A kind of methods, devices and systems managing publisher's safety information domain|
    EP3709687A1|2019-03-15|2020-09-16|Nxp B.V.|Electronic device and method for managing an ic card with multiple sim profiles|
    法律状态:
    2016-11-21| PLFP| Fee payment|Year of fee payment: 2 |
    2017-06-23| PLSC| Publication of the preliminary search report|Effective date: 20170623 |
    2017-11-21| PLFP| Fee payment|Year of fee payment: 3 |
    2018-07-20| CD| Change of name or company name|Owner name: IDEMIA FRANCE, FR Effective date: 20180618 |
    2018-07-20| CJ| Change in legal form|Effective date: 20180618 |
    2019-11-20| PLFP| Fee payment|Year of fee payment: 5 |
    2021-09-10| ST| Notification of lapse|Effective date: 20210806 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1563129A|FR3046010B1|2015-12-22|2015-12-22|INBOX SUBSCRIBER IDENTITY MODULE COMPRISING COMMUNICATION PROFILES|
    FR1563129|2015-12-22|FR1563129A| FR3046010B1|2015-12-22|2015-12-22|INBOX SUBSCRIBER IDENTITY MODULE COMPRISING COMMUNICATION PROFILES|
    KR1020187018670A| KR20180096658A|2015-12-22|2016-12-20|An embedded subscriber identity module|
    EP16826409.1A| EP3395089B1|2015-12-22|2016-12-20|Embedded subscriber identity module comprising communication profiles|
    JP2018532759A| JP6812444B2|2015-12-22|2016-12-20|Embedded subscriber identification module with communication profile|
    US16/064,956| US10833715B2|2015-12-22|2016-12-20|Embedded subscriber identity module including communication profiles|
    CN201680081171.9A| CN108702613B|2015-12-22|2016-12-20|Embedded user identity module, device for sending command and communication system|
    PCT/FR2016/053572| WO2017109381A1|2015-12-22|2016-12-20|Embedded subscriber identity module comprising communication profiles|
    ES16826409T| ES2774032T3|2015-12-22|2016-12-20|Integrated subscriber identity module comprising communication profiles|
    [返回顶部]