
EP-3298810-B1 - APPARATUSES, METHODS AND SYSTEMS FOR VIRTUALIZING A REPROGRAMMABLE UNIVERSAL INTEGRATED CIRCUIT CHIP


Inventors

  • WANE, ISMAILA

Dates

Publication Date
20260506
Application Date
20160210

Claims (15)

  1. A mobile station comprising: a modem and at least one antenna configured to communicate in multi-active mode with a plurality of cellular networks; an application processor physically connected to a baseband processor, wherein the physical connection facilitates transmission of commands to the application processor from a cellular modem application hosted by the baseband processor; and one or more memories storing computer-executable instructions that, when executed, configure a mobile application running on the application processor to, in response to receipt of one or more commands from the baseband processor, communicate with a virtual reprogrammable embedded universal integrated circuit chip, eUICC, that is only accessible by the baseband processor via the application processor; wherein the computer-executable instructions, when executed by the application processor, further cause configuration of a virtual machine to host the virtual eUICC; and the computer-executable instructions, when executed by the application processor, cause configuration of the virtual machine by causing: initialization of a data storage module of the virtual machine with user-provided biometric information as a parameter to create encryption, decryption, and signature keys; loading of the data storage module upon each device boot-up; encryption and decryption of data associated with the virtual machine using the encryption and decryption keys; digitally signing of data associated with the virtual machine using the signature key; and storage of the digitally signed data in a storage memory.
  2. The mobile station of claim 1, wherein the virtual eUICC is stored within a trusted execution environment, TEE, of the application processor.
  3. The mobile station of either of claims 1 or 2, wherein the mobile station further includes a biometric information capturing element comprising a built-in fingerprint scanner or camera device, and wherein the mobile station provides access to the virtual eUICC using one or more physically unclonable functions, PUFs, captured by the biometric information capturing element.
  4. The mobile station of claim 1, wherein the digitally signed data comprises at least one of a GSM file system, one or more Java™ Card applications, or one or more network authentication keys, and wherein the digitally signed data is formatted into data blocks.
  5. The mobile station of claim 4, wherein the storage memory maintains the data blocks in a journaling file system.
  6. The mobile station of any preceding claim, wherein digitally signing the data associated with the virtual machine comprises signing checksums or hashes of the data with the signature key.
  7. The mobile station of any preceding claim, wherein digitally signing the data associated with the virtual machine comprises: calculating redundancy check values for the data; and signing the redundancy check values with random keys.
  8. The mobile station of any of claims 1 to 7, wherein the virtual eUICC is hosted by a device that is remote from the mobile station.
  9. The mobile station of any of claims 1 to 8, wherein the baseband processor is programmed to non-electrically attach to the virtual eUICC; and optionally non-electrical attachment comprises a transmission to the application processor of a command initiated by the baseband processor; and optionally a radio interface layer of the application processor is configured to interpret and forward the command to the virtual eUICC.
  10. The mobile station of any of claims 1 to 9, wherein the virtual eUICC is configured to: receive indirect requests from the baseband processor; and generate responses to the indirect requests; and optionally the computer-executable instructions configure the application processor to communicate with the virtual eUICC via a radio interface layer of the application processor that is configured to: receive the generated responses to the indirect requests; and forward the generated responses to the baseband processor.
  11. The mobile station of any of claims 1 to 10, wherein the computer-executable instructions further configure the mobile application to, in response to receipt of one or more commands from the baseband processor, communicate with one or more additional virtual eUICCs that are not physically or electrically connected to the baseband processor.
  12. A method for communicating in multi-active mode with a plurality of cellular networks by a mobile station comprising a modem and at least one antenna, the method comprising: providing, in the mobile station, an application processor physically connected to a baseband processor, wherein the physical connection facilitates transmission of commands to the application processor from a cellular modem application hosted by the baseband processor; in response to receipt of one or more commands from the baseband processor, communicating, by a mobile application running on the application processor, with a virtual reprogrammable embedded universal integrated circuit chip, eUICC, that is only accessible by the baseband processor via the application processor; wherein causing configuration of a virtual machine to host the virtual eUICC; wherein causing configuration of the virtual machine optionally includes causing: initialization of a data storage module of the virtual machine with user-provided biometric information as a parameter to create encryption, decryption, and signature keys; loading of the data storage module upon each device boot-up; encryption and decryption of data associated with the virtual machine using the encryption and decryption keys; digitally signing of data associated with the virtual machine using the signature key; and storage of the digitally signed data in a storage memory.
  13. The method of claim 12, wherein the method is performed using the mobile station of any of claims 1 to 11.
  14. The method of claim 12, wherein: the virtual eUICC is stored within a trusted execution environment, TEE, of the application processor; and/or the mobile station further includes a biometric information capturing element comprising a built-in fingerprint scanner or camera device, and wherein the mobile station provides access to the virtual eUICC using one or more physically unclonable functions, PUFs, captured by the biometric information capturing element; and/or the digitally signed data comprises at least one of a GSM file system, one or more Java™ Card applications, or one or more network authentication keys, and wherein the digitally signed data is formatted into data blocks; and optionally the storage memory maintains the data blocks in a journaling file system; and/or digitally signing the data associated with the virtual machine comprises signing checksums or hashes of the data with the signature key; and/or digitally signing the data associated with the virtual machine comprises calculating redundancy check values for the data; and signing the redundancy check values with random keys; and/or the virtual eUICC is hosted by a device that is remote from the mobile station; and/or the method further comprises non-electrically attaching, by the baseband processor of the mobile station, to the virtual eUICC; and optionally non-electrical attachment comprises a transmission to the application processor of a command initiated by the baseband processor; and optionally the method further comprises: interpreting, by a radio interface layer of the application processor, the command; and forwarding, by the radio interface layer of the application processor, the command to the virtual eUICC; and/or the virtual eUICC is configured to receive indirect requests from the baseband processor; and generate responses to the indirect requests; and optionally communicating, by the application processor, with the virtual eUICC includes: receiving, by a radio interface layer of the application processor, the generated responses to the indirect requests; and forwarding, by the radio interface layer of the application processor, the generated responses to the baseband processor; and/or the method further comprises: in response to receipt of one or more commands from the baseband processor, communicating with one or more additional virtual eUICCs that are not physically or electrically connected to the baseband processor.
  15. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed by a mobile station having a modem and at least one antenna configured to communicate with a plurality of cellular networks, cause the mobile station to implement the method of any of claims 12 to 14.
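Claims 1 and 4 to 6 describe creating keys from a user-provided input, formatting the stored data into blocks, and signing hashes of that data so it can be checked when the storage module is loaded. The following is an added example of that integrity path, not code from the patent. Assumptions: the biometric input is a stable enrolment template (real captures are noisy), PBKDF2 and HMAC-SHA256 stand in for the key-creation and signature schemes the claims leave unnamed, encryption is omitted, and all names and the block size are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # assumed block size; the claims do not specify one

# Constructed sample standing in for the stored data (file system, keys, applets).
SAMPLE = bytes(range(200))


def derive_keys(template: bytes, salt: bytes):
    """Stretch the enrolment input, then split it into separate
    encryption and signature keys (domain separation by label)."""
    master = hashlib.pbkdf2_hmac("sha256", template, salt, 200_000)
    enc_key = hmac.new(master, b"encryption", hashlib.sha256).digest()
    sig_key = hmac.new(master, b"signature", hashlib.sha256).digest()
    return enc_key, sig_key


def _tag(index: int, block: bytes, sig_key: bytes) -> bytes:
    # Sign the hash of the block, with the block index bound in so that
    # reordered blocks fail verification as well as modified ones.
    digest = hashlib.sha256(block).digest()
    return hmac.new(sig_key, index.to_bytes(4, "big") + digest,
                    hashlib.sha256).digest()


def sign_blocks(data: bytes, sig_key: bytes):
    """Format data into blocks and return a list of (block, tag) records."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    return [(b, _tag(n, b, sig_key)) for n, b in enumerate(blocks)]


def verify_blocks(records, sig_key: bytes):
    """Return the indices of blocks whose tag does not verify."""
    return [n for n, (block, tag) in enumerate(records)
            if not hmac.compare_digest(tag, _tag(n, block, sig_key))]


if __name__ == "__main__":
    _, key = derive_keys(b"constructed-enrolment-template", b"\x00" * 16)
    records = sign_blocks(SAMPLE, key)
    records[2] = (b"X" + records[2][0][1:], records[2][1])  # simulate tampering
    print("failed blocks:", verify_blocks(records, key))
```

A load routine built this way would refuse to mount the storage module if `verify_blocks` returns any index.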

Description

TECHNOLOGICAL FIELD

Example embodiments of the present invention relate generally to the fields of software security, virtualization, and telecommunications, and more particularly, to the emulation in software of a reprogrammable universal integrated circuit chip.

BACKGROUND

According to the GSM Association (GSMA), there are over 5 billion subscriber identity module (SIM) cards deployed in the world each year. In addition, there will be over 50 billion connected devices in the so-called Internet of Things (IoT) by 2020, according to various industry reports. Access to the Internet will be generally facilitated via cellular networks through physical SIM cards integrated into these IoT devices. OEMs that want to add connectivity functionality into devices will therefore need to design applications that are aware of device capabilities to capture sensor data and communicate with a remote server for an application-specific task. Using conventional methods, this would require procuring and integrating physical SIM cards into the potential billions of devices manufactured. These physical SIM cards would generally require wireless modules that are integrated into the Printed Circuit Boards (PCBs) of these devices. A wireless module and physical SIM will increase the bill of materials (BoM) of such devices.

Furthermore, an OEM manufacturer will need to find and select a mobile network operator (MNO) that will provide coverage in the geographic areas where the connected devices will be deployed. The selection process may depend on various parameters such as pricing, network quality, coverage, etc. However, as there are thousands of cellular network operators in the world, with an average of 4 or more cellular network operators in many countries, the discovery and selection process quickly becomes very challenging for these OEMs and/or third party entities managing the access to connectivity for these devices.
The third party entities, which could be either enterprises or consumers who own these connected devices, may be interchangeably referred to herein as the owners of the connected (or IoT) devices.

In view of the above issues, there is a clear friction in accessing local cellular networks faced by consumers and enterprises managing connected devices in a global market where people and things are fundamentally mobile. Because access is predicated on the use of SIM cards, this friction is magnified by the current physical nature of SIM cards. From the standard 2FF card (mini-SIM) to the 4FF card (nano-SIM), SIM cards have now evolved to the MFF2 form factor, which is mainly used in machine-to-machine (M2M) applications. Introduction of the MFF2 form factor and its subsequent smaller iterations into the Internet of Things (IoT) could radically alter the manufacturing and deployment of IoT devices.

In December of 2013, the GSMA, which is the largest association of mobile operators and related companies, essentially standardized how reprogrammable SIM cards are architected and remotely provisioned. As a result of the standardization efforts, many new use cases will soon be possible in an interoperable manner. These use cases include the ability to seamlessly select and switch cellular networks without physically changing SIM cards. Although the GSMA's specifications were developed primarily for M2M devices, nothing prevents those skilled in the art from using them for other types of connected devices as well. Doing so would therefore remove the current friction of switching networks faced by people and things in international roaming situations or in local geographic areas with multiple cellular carriers. This provides people and devices with the ability to dynamically change cellular networks to extract the best value for mobile communication needs based on preferences for price, data speed, network quality, etc.
For local telecom regulators, virtual SIM card technology lowers the barriers to switching networks and thereby fosters a healthy and competitive telecommunications landscape in which MNOs and Mobile Virtual Network Operators (MVNOs) compete on price, service quality and innovation. For OEMs, virtual SIM card technology provides more space in the printed circuit board assembly (PCBA) design, allowing the incorporation of additional sensors or other chip components and hence optimizes the PCB layout. It also removes the complexity of dealing with various SIM card vendors approved by MNOs in "kitting" environments. MNOs stand to immensely benefit from virtual SIM card technology as well. The technology may facilitate enhanced distribution because M(V)NO service discovery, selection and provisioning could all take place remotely over the "cloud." Such a mobile application could then help effectively streamline the redundant Know Your Customer (KYC) procedures currently in effect in many countries. Moreover, for all M(V)NOs, regardless of market position, this technology can eliminate the costs of procuring, testing, cert