EP-4738907-A1 - PROVIDING AN EUICC WITH PROFILE DATA OF AT LEAST ONE PROFILE

Abstract

A method of establishing, in an eUICC, at least one profile, comprising: a) generate, in the eUICC, at least some of the profile data, referred to as on-board generated profile data (OP); the method characterized by the steps: c) transfer, all or part of, the on-board generated profile data (OP) from the eUICC to a verifier entity (VER); d) at the verifier entity (VER), based on the transferred on-board generated profile data (OP) and verification criteria and verification information, generate a verification result, which represents either successful verification or non-successful verification of the on-board generated profile data (OP), and send the verification result from the verifier entity (VER) to a state manager entity; e) by the state manager entity, provide an operative state of the profile in the eUICC only under a condition that the verification result represents a successful verification of the on-board generated profile data (OP), and under a condition that the verification result represents a non-successful verification of the on-board generated profile data (OP), prevent an operative state of the profile in the eUICC.

Inventors

  • Williams, Divya Miriam
  • JAGER, BARBARA
  • DIETZE, CLAUS

Assignees

  • Giesecke+Devrient Mobile Security Germany GmbH

Dates

Publication Date
2026-05-06
Application Date
2024-11-04

Claims (15)

  1. A method of establishing, in an eUICC, at least one profile, the profile comprising profile data including at least a subscriber identity (IMSI; SUPI; NAI) and a network authentication key K, comprising: a) generate, in the eUICC, at least some of the profile data, referred to as on-board generated profile data (OP); b) establish in the eUICC a profile comprising the on-board generated profile data (OP); the method characterized by the steps: c) transfer, all or part of, the on-board generated profile data (OP) to a verifier entity (VER); d) at the verifier entity (VER), based on the transferred on-board generated profile data (OP) and verification criteria and verification information, generate a verification result, which represents either successful verification or non-successful verification of the on-board generated profile data (OP), and send the verification result from the verifier entity (VER) to a state manager entity; e) by the state manager entity, provide an operative state of the profile in the eUICC only under a condition that the verification result represents a successful verification of the on-board generated profile data (OP), and under a condition that the verification result represents a non-successful verification of the on-board generated profile data (OP), prevent an operative state of the profile in the eUICC.
  2. The method according to claim 1, wherein the verifier entity (VER) is or is comprised in one of the following entities: - an SM-DP+ or SM-DPf server; - an IFPP production machine; - an EUM; - a verifier server; - a verifier server connected to an SM-DP+ or SM-DPf server or IFPP production machine; - an eIM; - the eUICC; or/and the state manager entity is or is comprised in one of the following entities: - an SM-DP+ or SM-DPf server; - an eIM; - the eUICC.
  3. The method according to claim 1 or 2, wherein the on-board generated profile data (OP) comprise at least one unique data item associated to the profile, and wherein: step c) comprises to transfer the at least one unique identifier associated to the profile; step d) comprises to verify uniqueness of the transferred at least one unique identifier associated to the profile; and in step e) successful verification comprises that uniqueness of the on-board generated at least one unique identifier associated to the profile is confirmed.
  4. The method according to claim 3, wherein the on-board generated profile data (OP), which are a unique data item associated to the profile, comprise one or several of the following: - an International Mobile Subscriber Identity, IMSI; - a Subscriber Permanent Identifier, SUPI; - a Network Access Identifier, NAI; - an eUICC identifier, EID; - a profile number, Integrated Circuit Card Identifier, ICCID; - a network authentication key K; - a set of OTA keys; - a set of Secure Channel keys.
  5. The method according to any of claims 1 to 4, wherein step c), transfer the on-board generated profile data (OP), is performed: - either directly from the eUICC to the verifier entity (VER); - or indirectly from the eUICC to the verifier entity (VER) over one or several other external entities, wherein the other external entities comprise one or several of: - an SM-DP+ server, in case the verifier entity (VER) is not the SM-DP+ server; - an IFPP production machine hosting the target eUICC, in case the verifier entity (VER) is not the IFPP production machine; - an SM-DPf server located outside the IFPP production environment, in case the verifier entity (VER) is not the SM-DPf server; - an Operator server or EUM, in case the verifier entity (VER) is not the EUM; - an eIM, in case the verifier entity is not the eIM.
  6. The method according to any of claims 1 to 5, wherein, before step a) is executed, the eUICC contains installed profile data of the profile, preferably with the exception of the on-board generated profile data (OP); or after step a) is executed, the eUICC is provided with to be installed profile data of the profile, preferably with the exception of the on-board generated profile data (OP).
  7. The method according to any of claims 1 to 6, further comprising the steps: before or after step a), 0-1) receive at the eUICC a profile package (BBP) including profile data of the profile, preferably with the exception of the on-board generated profile data (OP), and 0-2) install the profile data from the received profile package in the eUICC.
  8. The method according to any of claims 1 to 7, wherein step c), transfer the on-board generated profile data (OP), is performed as: transfer the on-board generated profile data (OP) in or with an installation result notification (PIR).
  9. The method according to claim 7, wherein step c), transfer the on-board generated profile data (OP), is performed as: transfer the on-board generated profile data (OP) in or with an installation result notification (PIR), wherein: - said installation result notification (PIR) is related to the installation of the profile data from the received profile package (BBP); - said installation result notification (PIR) is sent after step a), generate, in the eUICC, said on-board generated profile data (OP); - said installation result notification (PIR) contains or is accompanied by said on-board generated profile data (OP).
  10. The method according to any of claims 1 to 9, wherein step b), to establish in the eUICC the profile comprising the on-board generated profile data (OP), comprises to (0-2) install the profile; and step e), to provide an operative state of the profile in the eUICC, in combination with step b), comprises either one of the following: (i) (0-2) install or/and enable the profile only under a condition of successful verification of the on-board generated profile data (OP) at the verifier entity (VER), and under a condition of non-successful verification of the on-board generated profile data (OP) at the verifier entity (VER) at least do not enable the profile; or (ii) (0-2) install or/and enable the profile, and maintain the enabled state of the profile only under a condition of successful verification of the on-board generated profile data (OP) at the verifier entity (VER), and under a condition of non-successful verification of the on-board generated profile data (OP) at the verifier entity (VER) disable the profile.
  11. The method according to any of claims 1 to 10, further comprising, under a condition of non-successful verification of the on-board generated profile data (OP) at the verifier entity (VER), delete the profile.
  12. The method according to any of claims 1 to 11, wherein step d) further comprises, at the verifier entity (VER), to verify one or several of the following properties of the on-board generated profile data (OP): - errors, particularly format errors, particularly faulty length or/and faulty format; - origin of the on-board generated profile data (OP) from an admitted eUICC; - authenticity of the on-board generated profile data (OP); - integrity of the on-board generated profile data (OP).
  13. The method according to any of claims 1 to 12, wherein the transferred on-board generated profile data (OP) are transferred in an encrypted form, encrypted with an encrypt key, and decrypted at the verifier entity (VER) with a corresponding decrypt key.
  14. An eUICC, constructed to perform a method for establishing, in said eUICC, at least one profile, the profile comprising profile data including at least a subscriber identity (IMSI; SUPI; NAI) and a network authentication key K, comprising: a) generate, in the eUICC, at least some of the profile data, referred to as on-board generated profile data (OP); b) establish in the eUICC a profile comprising the on-board generated profile data (OP); characterized by: c) transfer, all or part of, the on-board generated profile data (OP) to a verifier entity (VER); d) by the transfer, initiate the verifier entity (VER), based on the transferred on-board generated profile data (OP) and verification criteria, to generate a verification result, which represents either successful verification or non-successful verification of the on-board generated profile data (OP), and send the verification result from the verifier entity (VER) to a state manager entity; e) receive, from the state manager entity, instructions so as to provide an operative state of the profile in the eUICC only under a condition that the verification result represents a successful verification of the on-board generated profile data (OP), and under a condition that the verification result represents a non-successful verification of the on-board generated profile data (OP), prevent an operative state of the profile in the eUICC.
  15. A verifier entity (VER), constructed to perform a method for establishing, in an eUICC, at least one profile, the profile comprising profile data including at least a subscriber identity (IMSI; SUPI; NAI) and a network authentication key K, comprising: after a step at the eUICC, a) generate, in the eUICC, at least some of the profile data, referred to as on-board generated profile data (OP); and after a step at the eUICC, b) establish in the eUICC a profile comprising the on-board generated profile data (OP); perform steps characterized by: c) receive at the verifier entity (VER), from the eUICC, all or part of, the on-board generated profile data (OP); d) at the verifier entity (VER), based on the transferred on-board generated profile data (OP) and verification criteria, generate a verification result, which represents either successful verification or non-successful verification of the on-board generated profile data (OP), and send the verification result from the verifier entity (VER) to a state manager entity; e) initiate the state manager to provide an operative state of the profile in the eUICC only under a condition that the verification result represents a successful verification of the on-board generated profile data (OP), and under a condition that the verification result represents a non-successful verification of the on-board generated profile data (OP), prevent an operative state of the profile in the eUICC.
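Added example, not code from the patent or its assignee: a Python simulation of the flow in claims 1, 3, 10 and 12, in which the eUICC generates IMSI and ICCID on board, the verifier checks integrity, format and uniqueness, and the state manager enables the profile only on a successful result (claim 10, variant (i)). The shared integrity key, the registry and all identifier values are constructed assumptions; the key K is generated on the card but, as claim 1 permits transferring only part of the OP, it is never sent.

```python
import hashlib
import hmac
import json

# Assumed shared key protecting integrity of the transferred OP (claim 12).
INTEGRITY_KEY = b"constructed-example-key"


def generate_op(mcc_mnc: str, msin: str, iccid: str) -> dict:
    """Step a): on-board generated profile data. K would also be generated
    here but stays on the card, so only the identifiers are part of the OP."""
    return {"imsi": mcc_mnc + msin, "iccid": iccid}


def transfer_op(op: dict) -> tuple:
    """Step c): canonical serialisation plus an HMAC tag over the payload."""
    payload = json.dumps(op, sort_keys=True).encode()
    return payload, hmac.new(INTEGRITY_KEY, payload, hashlib.sha256).hexdigest()


def luhn_ok(digits: str) -> bool:
    """ICCIDs end in a Luhn check digit; a wrong digit is a format error."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def verify_op(payload: bytes, tag: str, registry: set) -> tuple:
    """Step d): integrity, format and uniqueness checks (claims 3 and 12).
    The IMSI is recorded in the registry only after a successful check."""
    expected = hmac.new(INTEGRITY_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "integrity failure"
    op = json.loads(payload)
    imsi, iccid = op.get("imsi", ""), op.get("iccid", "")
    if not (imsi.isdigit() and len(imsi) == 15):
        return False, "IMSI format error"
    if not (iccid.isdigit() and 19 <= len(iccid) <= 20 and luhn_ok(iccid)):
        return False, "ICCID format error"
    if imsi in registry:
        return False, "IMSI not unique"
    registry.add(imsi)
    return True, "verified"


def state_manager(verified: bool) -> str:
    """Step e), claim 10 variant (i): enable only on success, else stay disabled."""
    return "enabled" if verified else "disabled"
```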

Description

Field of the invention

The present invention relates to providing an eUICC with profile data of at least one profile, the eUICC being designed to be hosted (which may be plugged or integrated) in a wireless network communication device, or briefly mobile device.

Background of the invention and prior art

The world is connected via wireless communication networks, also referred to as mobile communication networks, wherein devices hosting eUICCs communicate with each other and with wireless network background servers in a secured way. The eUICCs hosted in the devices comprise at least one or several subscription profiles, or briefly profiles, including profile data like an international mobile subscriber identity, which may be embodied as IMSI, or in 5G as SUPI or NAI, and an authentication key K, and a profile number ICCID, OTA keys, and further profile data, enabling communication in the wireless communication network. For eUICCs, several form factors are known, including plug-in SIM-card or pSIM, embedded and soldered-in eUICC in a strict sense or eSIM, and integrated iUICC or iSIM integrated into a chip of a chipset of the device hosting the eUICC. In the context of the present invention, eUICC is understood to include any form factor, including any of the listed form factors. Having an eUICC hosted in a mobile device according to the form factor of the eUICC may be realized as the eUICC being plugged-in or embedded or integrated into the mobile device. Devices are for example known as consumer wireless network communication devices like smartphones and network-able tablet PCs, and as M2M wireless network communication devices including automotive wireless network communication devices and industrial wireless network communication devices.
In the following, a device is meant to be a wireless network communication device, hosting an eUICC including one or several profiles, and constructed to communicate with other devices or network servers over a mobile communication network, herein including the eUICC for security relevant tasks like authentication and others. The document [1] [SGP.22] GSMA SGP.22 RSP Technical Specification Version 3.0, 19th October 2022, and previous versions 2.x, describe procedures and architectures for provisioning profiles to eUICCs hosted in consumer devices already in the field. The profile server from which profiles are downloaded to eUICCs in an SGP.22 scenario is also referred to as SM-DP+. The documents [2] [SGP.41] GSMA SGP.41 eSIM IFPP Architecture and Requirements Version 1.0 Draft 17 and [3] [SGP.42] GSMA SGP.42 eSIM IFPP Technical Specification (unpublished at the date of filing the application) cover In-factory personalization or provisioning, which is a setup in which profiles are provisioned to an eUICC locally in a factory environment, contrary to the standard remote provisioning procedures envisaged in [1] [SGP.22], where a profile is downloaded to an eUICC from a remote profile provisioning server. The profile server from which profiles are downloaded to eUICCs in an in-factory procedure is also referred to as SM-DPf. According to [1] [SGP.22], section 2.5 "Profile Protection and Delivery", an Operator's Profile is protected within a Profile Package prior to being downloaded to the eUICC.
As further set out in sub-section 2.5.1, "Profile Package Types Overview", from generation to download, a Profile Package will take the following different formats:

  • Unprotected Profile Package (UPP): Raw eUICC Profile Package TLV sequence.
  • Protected Profile Package (PPP): Segmented and protected in BSP payload TLVs.
  • Bound Profile Package (BPP): Prepended with session key agreement info, key replacement package, ISD-P creation and configuration info.
  • Segmented Bound Profile Package (SBPP): BPP segmented into STORE DATA APDU script for loading into eUICC. This step is performed by the LPD when the LPD is in the Device.

Document [1] [SGP.22] assumes a profile package to be compliant with the provisions set out in document [6]. Document [6] [TCP IPP] Trusted Connectivity Alliance, eUICC Profile Package: Interoperable Format Technical Specification, Version 3.3, Mar 2023, describes details of profile elements (profile data) to be provided in a profile, and a standard format of a profile package as a collection of profile elements (profile data), which standard format is to be used for the loading and installation of an interoperable Profile Package into any compliant eUICC. Document [4] EP23020510.6 describes a method for establishing, in a target eUICC, profile data of at least one profile, the profile data including at least a subscriber identity, such as IMSI or SUPI or NAI, and a network authentication key K, wherein the network authentication key K is generated in the target eUICC. Other profile data can be downloaded to the eUICC in a profile package and combined with the profile data, for example the authentication key K, generated in the eUICC. SIM Provisioning architectures, parti