WO2013065991A1 - Method and euicc for providing a policy control function - Google Patents

Abstract

The present invention relates to a method for providing a policy control function (PCF), and more specifically, to a method for providing a PCF and an eUICC for same which define the function and structure for the PCF of an eUICC, and, with regard to same, which define the detailed structure of the PCF of the eUICC.

Description

How to provide policy control and ｅＵＩＣＣ

The present invention provides a method for providing a policy control function (PCF: Policy Control Function, hereinafter "PCF") of the embedded UICC (eUICC), and eUICC for the same It is about.

A UICC (Universal Integrated Circuit Card) is a smart card that can be inserted into a terminal and used as a module for user authentication. The UICC may store the personal information of the user and the operator information on the mobile communication provider to which the user subscribes. For example, the UICC may include an International Mobile Subscriber Identity (IMSI) for identifying a user. The UICC is also called a Subscriber Identity Module (SIM) card in the case of the Global System for Mobile communications (GSM) scheme, and a Universal Subscriber Identity Module (USIM) card in the case of the Wideband Code Division Multiple Access (WCDMA) scheme.

When the user mounts the UICC on the user's terminal, the user is automatically authenticated using the information stored in the UICC so that the user can conveniently use the terminal. In addition, when the user replaces the terminal, the user can easily replace the terminal by mounting the UICC removed from the existing terminal to a new terminal.

Terminals requiring miniaturization, for example, terminals for machine-to-machine (M2M) communication, have difficulty in miniaturization of terminals when manufactured in a structure capable of detachable UICC. Thus, an eUICC structure has been proposed which is a removable UICC. The eUICC should contain user information using the UICC in IMSI format.

The existing UICC can be attached to or detached from the terminal, and the user can open the terminal regardless of the type of terminal or the mobile communication provider. However, from the manufacture of the terminal, the manufactured terminal can be assigned IMSI in the eUICC only when the premise that the terminal is used only for a specific mobile communication provider is satisfied. Both the mobile operator and the terminal manufacturer ordering the terminal have to pay attention to the product inventory and there is a problem that the product price increases. The user is inconvenient to change the mobile operator for the terminal. Therefore, even in the case of eUICC, there is a need for a method for allowing a user to open a terminal regardless of a mobile communication provider.

Meanwhile, the recent introduction of eUICC has made it necessary to update subscriber information of various mobile communication providers to UICC remotely. Accordingly, a subscription management device (subscription manager) or profile for managing subscriber information is therefore required. A Profile Manager (hereinafter referred to as "PM") is under discussion.

These SMs are mainly discussed as being responsible for information management for eUICC, information management for various mobile operators, and authentication and remote information changes for mobile operators. It has not been decided yet.

In addition, although the PCF has been discussed to define eUICC related policies of various entities or entities surrounding the eUICC, the function or structure thereof has not been determined. Therefore, there is a problem that an eUICC related policy related to functions such as information management for eUICC, information management for various mobile communication providers, authentication and remote information change when changing the mobile communication service provider is not properly performed.

An object of the present invention is to define the function and structure of the Policy Control Function (PCF) of the eUICC.

Another object of the present invention is to provide a method for providing a Policy Control Function (PCF) of an eUICC.

Another object of the present invention is to provide a detailed structure of the Policy Control Function (PCF) of the eUICC and a method of operating the PCF through the same.

In one aspect, the present invention is an embedded Universal Integrated Circuit Card (eUICC) for providing a policy control function (PCF), PCF Rule (PCF Rule) for containing the policy information; And an PCUI engine that performs a policy based on the PCF rule when an eUICC external entity attempts to access a PCF application target.

In another aspect, the present invention provides a method for providing a Policy Control Function (PCF) of an embedded Universal Integrated Circuit Card (eUICC), wherein the PCF engine in the eUICC accesses an eUICC resource of an external entity. If this is attempted (S600), querying the PCF rule to be applied (S602); And (S602 ˜ S608) performing the PCF Enforcement on the basis of the PCF rule by the PCF engine.

Figure 1 shows the overall service architecture including the eUICC to which the present invention is applied.

2 shows a system architecture of an SM separation environment to which the present invention may be applied.

3 is a diagram illustrating a basic structure and operation of a PCF and an eUICC for the same according to an embodiment of the present invention.

4 is a diagram illustrating an example of a PCF rule structure according to an embodiment of the present invention.

5 is a diagram illustrating an example of a PCF application target according to an embodiment of the present invention.

6 is a diagram illustrating an example of a PCF operation process according to a PCF providing method according to an embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail through exemplary drawings. In adding reference numerals to the components of each drawing, it should be noted that the same reference numerals are assigned to the same components as much as possible even though they are shown in different drawings. In addition, in describing the present invention, when it is determined that the detailed description of the related well-known configuration or function may obscure the gist of the present invention, the detailed description thereof will be omitted.

M2M (Machine-to-Machine) terminal, which is actively discussed in the current GSMA, should be small in size. In the case of using the existing UICC, a module for attaching the UICC to the M2M terminal must be separately inserted. If the M2M terminal is manufactured, it is difficult to miniaturize the M2M terminal.

Therefore, an embedded UICC structure that is not detachable from the UICC is being discussed. In this case, the eUICC mounted on the M2M terminal includes information on a mobile network operator (hereinafter referred to as “MNO”) that uses the UICC. It must be stored in the UICC in the form of an identifier (International Mobile Subscriber Identity, IMSI).

However, since the terminal manufactured from the time of manufacturing the M2M terminal can be assigned IMSI in the eUICC only if the premise that the terminal is used only in a specific MNO is established, both the M2M terminal or the MNO ordering the UICC or the M2M manufacturer manufacturing the M2M terminal have a lot of attention to the product inventory. There is a problem that can not only be assigned to the product price will rise, which is a big obstacle to the expansion of M2M terminal.

As such, unlike the conventional removable type SIM, the eUICC or eSIM that is integrally mounted on the terminal has many issues regarding the authority to open, additional service business initiative, and subscriber information security due to the physical structure difference. To this end, the international standardization bodies of GSMA and ETSI are conducting standardization activities on relevant elements such as carriers, manufacturers and SIM manufacturers, as well as necessary elements including top-level structures. As eSIM is discussed through standardization organizations, the central point of the issue is SM, called Subscription Manager, which issues and subscribes operator information (which can be used in other expressions such as Operator Credential, MNO Credential, Profile, eUICC Profile, Profile Package, etc.) to eSIM. (Subscription) Refers to an entity or its function / role that plays an overall administrative role for eSIM, such as handling a process for a change or MNO change.

Recently, in GSMA, SM has been classified into SM-DP (Data Preparation), which plays a role in generating operator information, and SM-SR (Secure Routing), which directly carries operator information on eSIM. Proposed a scheme to transmit the data, but the details are insufficient.

In this specification, eSIM and eUICC are used as equivalent concepts.

eSIM attaches the IC chip on the terminal circuit board at the terminal manufacturing stage, and then attaches the SIM data (open information, additional service information, etc.) in software form to OTA (Over The Air) or offline (technology-based connection such as USB to PC). Is a new concept of SIM technology in the manner of issuing through. IC chips used in eSIM generally support hardware-based Crypto Co-Processor (CCP) to provide hardware-based public key generation, and APIs that can be utilized in application (eg applet) based SIM platform (eg , Java Card Platform, etc.). Java Card Platform (Java Card Platform) is one of the platforms that can provide services and load multiple applications, such as smart cards.

Because of limited memory space and security, anyone should not load applications in SIM. Therefore, SIM requires a SIM service management platform that is responsible for loading and managing applications. The SIM service management platform issues data to the SIM memory area through authentication and security with management keys.The Global Platform and Remote File Management (RFM) and RAM (Remote Application Management) of ETSI TS 102.226 It is a standard technology of the service management platform.

SM, one of the important elements in the eSIM environment, eSIM is responsible for issuing communication and additional service data remotely through management keys (UICC OTA Key, GP ISD Key, etc.).

In the GSMA, the roles of SM are classified into SM-DP and SM-SR. SM-DP securely builds IMSI, K, OPc, additional service applications, additional service data, etc. in addition to the operation profile (or operator information) to make a credential package. SM-DP SR is responsible for securely downloading the credential package generated by SM-DP to eSIM through SIM remote management technology such as Over-The-Air (OTA) or GP Secure Communication Protocol (GP SCP).

In addition, we propose a structure called “Circle of Trust” in FIG. 1 below to establish an end-to-end trust relationship between an MNO and an eSIM by overlapping trust relationships between similar entities or entities. We proposed the concept of building. In other words, MNO1 is SM1, SM1 is SM4, SM4 forms a trust relationship with the eSIM, thereby forming a trust relationship between the MNO and eSIM.

Before describing the present invention, terms first used in the present specification will be described.

A mobile network operator (MNO) refers to a mobile communication operator, and refers to an entity that provides a communication service to a customer through a mobile network.

eUICC Supplier means a person who supplies eUICC module and embedded software (firmware and operating system, etc.).

Device Vendor includes a device's provider, in particular a wireless modem function via a mobile network driven by the MNO, and consequently means a supplier of a device requiring a UICC (or eUICC) form.

Provisioning refers to a process of loading a profile into an eUICC, and a provisioning profile refers to a profile used by a device to connect to a communication network for the purpose of provisioning another provisioning profile and an operation profile.

Subscription means a commercial relationship for providing a service between a subscriber and a wireless communication service provider.

eUICC access credentials refer to data in the eUICC that allows secure communication between the eUICC and external entities to be set up to manage profiles on the eUICC.

Profile access credentials are data that resides within a profile or within an eUICC, and means data that allows secure communications to be set up between the eUICC and external entities to protect or manage the profile structure and its data. .

A profile is a combination of file structures, data, and applications that can be provisioned or managed within an eUICC. It is a combination of operator information, operation profiles, provisioning profiles for provisioning, and other policy control functions (PCFs). It means all information that can exist in eUICC such as profile.

Operation Profile or operator information refers to all kinds of profiles related to Operational Subcription.

An Active Profile is called an Active Profile when a file or application is selectable by the UICC-Terminal interface under the control of the PCF associated with the MNO.

A PCF Rule (Policy Control Function Rule) is a rule defined by the MNO that controls the management of provisioning or operational profiles in the eUICC. Policy Control Function Rules can be in the network, the eUICC platform, or in a provisioning or operational profile.

PCF (Policy Control Function) refers to application / service that can enforce Policy Control Function Rules. Policy Control Function Rules can be executed in the eUICC platform and / or at the Subscription Manager level or the MNO level.

The Control Authority (CA) refers to an entity authorized by the MNO of update / delete / activate / deactivate remotely during the swap of an Operational or Provisioning Profile.

The SM (Subscription Manager) is a subscription management device, an entity that performs management functions of the eUICC, and is authorized by the MNO of update / delete / activate / deactivate remotely during the swap of Operational or Provisioning Profiles. This means entity.

Figure 1 shows the overall service architecture including the eSIM (eUICC) to which the present invention is applied.

The overall system is described as follows.

The eUICC system architecture to which the present invention can be applied may include a plurality of MNO systems, one or more SM systems, an eUICC manufacturer system, a device manufacturer system including an eUICC, an eUICC, and the like for each entity or subject. The explanation is as follows.

The dashed line in FIG. 1 shows the trust circle, and the two solid lines represent the secure link.

If a scenario is required where subscription information is stored and communicated, it should be done under the approval of the MNO and under the control of the MNO. There must be only one active profile on a single eUICC at a particular time, meaning that the active profile is added to a single HLR at a specific time.

The MNO and eUICC must be able to decode the MNO Credentials information, that is, the profile (operation profile, provisioning profile, etc.). The only exception to this could be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.

Subscriptions cannot be switched within the eUICC outside of operator policy control. The user must be aware of any changes in the MNO content and its active subscription, must be able to avoid security risks, and have a level of security that is compatible with the current UICC model.

The MNO credential or profile may mean a subscription credential including K, algorithm, algorithm parameters, supplementary service application, supplementary service data, and the like.

The transfer of MNO credentials or profiles must be done in a secure manner from end to end. The transmission can be made in successive steps without breaking the security chain, and all steps in the transmission chain must be made under the recognition and approval of the MNO. No entity in the transport chain should be able to clearly see the MNO credential, but the only exception may be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.

The operator must have complete control over his credentials and the operator must have strong supervision and control over the SM operation.

SM functions must be provided by the MNO or a third party, if provided by the third party, there may be a commercial relationship established between the SM and the MNO.

The SM has no direct relationship with the MNO subscriber for subscription management. Although the MNO has a relationship with the subscriber and should be the entry point for the customer subscription, it is not intended to piggyback on the contractual relationship an M2M service provider (the M2M service provider is an MNO subscriber) may have with its customers.

While the MNOs are swapped, the donor and receiving MNOs may or may not have a prior agreement with each other. There must be a mechanism to approve pre-contracts. The donor operator's policy control function can be defined for the condition of removing his / her credential, and the policy control function (PCF) can implement this function.

The architecture introduces a feature defined as SM, and SM's primary role is to prepare and deliver a package or profile containing the MNO credentials to the eUICC. The SM function may be provided directly by the MNO, or the MNO may contract with a third party to obtain the SM service.

The role of SM can be divided into two sub-functions such as SM-SR and SM-DP.

Indeed, such SM-SR and SM-DP functions may be provided by other entities or may be provided by the same entity. Therefore, it is necessary to clearly demarcate the functions of SM-DP and SM-SR, and to define an interface between these entities.

SM-DP is responsible for secure preparation of package or profile to be delivered to eUICC, and works with SM-SR for actual transmission. The key functions of the SM-DP are 1) managing the functional characteristics and certification levels of the eUICC, and 2) one of the MNO credentials or profiles (e.g., IMSI, K, supplementary service applications, supplementary service data). Some of these are potentially managed by the MNO, and 3) the ability to calculate the OTA package for download by the SM-SR. Could be added.

If the SM-DP function is provided by a third party, security and trust relationships become very important. In addition to real-time provisioning, SM-DP can have a significant amount of background processing, and the requirements for performance, scalability and reliability are expected to be important.

SM-SR is responsible for securely routing and delivering the credential package to the corresponding eUICC. The key features of the SM-SR are 1) managing OTA communication with the eUICC via a ciphered VPN, and 2) other SM-SR to form an end-to-end up to the eUICC. To manage communication with eUICC, 3) to manage eUICC data used for SM-SR OTA communication provided by eUICC provider, and 4) to protect communication with eUICC by filtering only allowed entities. (Firewall function).

The SM-SR database is provided by eUICC vendors, device (such as M2M terminal) vendors, and potentially MNOs, and can be used by MNOs through the SM-SR mesh network.

The circle of trust enables end-to-end security links during provisioning profile delivery, while the SM-SR shares the trust circle for secure routing of the provisioning profile and eUICC discovery. MNOs can be linked with SM-SR and SM-DP entities in a trusted circle, or they can provide this functionality themselves. EUICC and MNO Credentials to prevent illegal use of eUICC (cloning, illegal use of credentials, denial of service, illegal MNO context changes, etc.) without violating MNO's contractual and legal obligations with respect to its customers. There is a need for a secure end-to-end link between.

That is, in FIG. 1, 110 represents a trust circle formed between SMs, more specifically, between SM-SR members, 120 represents a trust circle of MNO partners, and 130 represents an end-to-end trust link.

2 illustrates a configuration in which an SM-SR and an SM-DP are located in a system in an SM separation environment.

As shown in FIG. 2, the SM is divided into an SM-DP for safely preparing various profiles (operation profile, provisioning profile, etc.) related to the eUICC, and an SM-SR for routing the SM-SR. It can be linked with the SR in a trust relationship, SM-DP is linked to the MNO system.

Of course, the arrangement of the SM-DP and the MNO system may be implemented differently from FIG. 2. (Ie, the SM-DP may be linked with the SM-SR, and the MNO system may be linked with the SM-DP.

eSIM is a different SIM-based service, such as profiles are issued and managed internally by eSIM from eSIM external entities (MNOs, manufacturers, service providers, etc.), and unlike multiple SIMs, multiple profiles can be loaded simultaneously. Provide an environment. Accordingly, the entity that issues and manages the profile to the eSIM manages the security policy for the eSIM itself or the profile that is issued and managed by the eSIM. In the current eSIM environment, the concept of performing such a role is referred to as PCF and Policy Control Function, but the detailed shape and operation method of the PCF are not defined.

Accordingly, the present invention proposes a highly scalable PCF providing method in an eSIM environment. The highly scalable PCF providing method in the eSIM environment proposed by the present invention will be described in more detail below. However, below, eSIM is described and described as eUICC.

3 is a diagram illustrating the basic structure and operation of the PCF 310 and the eUICC 300 for the same according to an embodiment of the present invention.

As shown in FIG. 3, a policy control function (PCF) 310 according to an embodiment of the present invention includes a PCF rule 311 and a PCF engine 312. .

PCF 310 basic operation according to an embodiment of the present invention is performed as follows.

Referring to FIG. 3, when the user wants to approach the PCF application object 320 from the eUICC 300, that is, the eUICC external object 30, the eUICC external object 30 may interwork with the PCF engine 320. After applying the PCF through (S300), if the access to the PCF application object 320 is authorized based on this, the eUICC external entity 30 may access the PCF application object 320 (S302).

The eUICC external entity 30 described herein is an entity performing an operation on the eUICC 300, and may include one or more of a mobile network operator (MNO), a manufacturer, a service provider, a subscription manager (SM), and the like. It may also be a device equipped with the eUICC 300.

The eUICC 300 for providing the PCF is based on the PCF rule 311 and the PCF rule 311 that records the policy information, and when the eUICC external entity 30 attempts to access the PCF application target 320. PCF engine 312, etc. that perform the policy.

The PCF rule 311 mentioned above is a file in one or more forms of an extensible type length value (TLV) and an eXtensible Markup Language (XML) including policy information to be applied by the PCF engine 3120.

In the following, detailed structures of the PCF rule 311 and the PCF engine 312 described above will be described.

First, the detailed structure of the PCF rule 311 is described in more detail with reference to FIG.

4 is a diagram illustrating an example of a PCF rule 311 structure according to an embodiment of the present invention.

Referring to FIG. 4, the PCF rule 311 is an extensible file type, and includes a target, an action to be applied to the protected object, secret information necessary for the action, and a secret information base. You can define one or more of the security methods of.

The target mentioned above may be, for example, one of a file, an application, a profile, or the PCF rule itself.

Actions to be applied to the above-mentioned targets include, for example, Read, Write, Update, Lock, Unlock, Delete, Delete, It may include one or more of Backup and Select.

The above-mentioned confidential information may include, for example, a user PIN (Personal Identification Number) and various credentials defined in the eUICC environment. Here, the various credentials are, for example, eUICC Access Credential, Profile Access Credential, Profile Protection Credential, Authorized OEM Credential It may include one or more of an OEM Credential, a Service Provider Credential, an Application Access Credential, and the like.

The above-mentioned security method stores information about the security method utilizing the confidential information. For example, whether it is encryption, authentication, integrity, etc. One or more provisionable security functions and security algorithm information applied to provide the security function may be stored. Here, the security algorithm information may include, for example, information about 3DES CBC Mode, PKCS # 1, SHA-1, and the like.

In addition to the above-described information, field (s) necessary for PCF application may be added.

Next, the detailed structure of the PCF engine 312 will be described in more detail.

The PCF engine 312 described above may be a software module such as an applet that performs a policy based on the PCF rule 311.

The PCF engine 312, when attempting to access the PCF application target 320, that is, eUICC resources of the eUICC external object 30, the authority for the operation of the eUICC external object 30 is obtained so that the eUICC external object ( 30) can be performed to perform the operation.

When the PCF engine 312 attempts to access the PCF application target 320 of the eUICC external object 30, the PCF engine 312 may perform one or more security associations among encryption, authentication, and integrity verification based on the PCF rule 311. Can be.

When the above content is described from the standpoint of the eUICC external entity 30, the eUICC external entity 30 operates in conjunction with the PCF engine 320 when attempting to access the PCF application object 320. After obtaining the authority for, and performing the corresponding action. At this time, when the eUICC external object 30 outside the eUICC 300 attempts to access a specific file, profile, etc., the eUICC external object 30 works with the PCF engine 312 based on the PCF rule 311. One or more security associations may be performed, such as encryption, authentication, and integrity verification.

For example, when the eUICC external object 30 wants to update a specific file in the eUICC 300, the PCF engine 312 managing the file updates the file outside of the eUICC 300. It performs security operation (eg authentication) necessary for operation and can update the file only when it is successful.

As another example, when the user wants to back up a profile in the eUICC 300 outside of the eUICC 300, the PCF engine 312 managing the profile is external to the eUICC 300 and the corresponding profile. It performs a security operation based on the associated credential, and can only perform a backup operation if it succeeds.

The PCF application object 320 mentioned above may be, for example, a common file for various management purposes in the eUICC 300, a profile mounted in the eUICC 300, and details (eg, a file, an application, etc.) present in each profile. And the like.

This PCF application target 320 will be described in more detail with reference to FIG. 5.

5 is a diagram illustrating an example of a PCF application target 320 according to an embodiment of the present invention.

As shown in FIG. 5, the PCF may be applied to the entire eUICC 300. As such, when the PCF is applied to the entire eUICC 300, the common files for various management purposes in the eUICC 300 (eg, the eUICC identifier, profile list, currently active profile list, and profile information mounted in the eUICC 300). (Eg, identifier, type, description, etc.) and the entire profile mounted on the eUICC 300 can be applied to the PCF.

In addition to the PCF being applied to the entire eUICC 300, the PCF may be applied to each profile mounted in the eUICC 300 or to sub-items (eg, Files, Applications, etc.) existing in each profile.

On the other hand, the PCF (Policy Control Function, 310) described in this specification may mean a function such as defining, updating, or deleting a policy rule for implementing a policy.

In addition, the PCF (Policy Control Function) 310 described in the present specification not only means defining / update / delete function of a policy rule, but also executes a policy rule for implementing a policy. It may be a concept including a policy enforcement function (PEF), which means a function of).

In addition, the PCF rule 311 described in the present specification may be referred to as a policy rule meaning an operation required for implementing a policy, a condition for implementing the policy, and the like.

In the following, the PCF providing method described above will be described again with reference to the flowchart of FIG. 6.

6 is a diagram illustrating an example of a PCF operation process according to a PCF providing method according to an embodiment of the present invention.

In the description with reference to FIG. 6, as described above, the eUICC external entity 30 performs a specific action on the eUICC 300, such as an MNO, a manufacturer, a service provider, and a subscription manager (SM). The objects that need to be It is assumed that a specific PCF 310 (PCF rule 311 + PCF engine 312) is associated with each other in the eUICC resource 320 to be described instead of the term PCF application target 320. The eUICC platform may be a platform such as a Java Card Platform or a Global Platform including a COS (Chip OS) in the eUICC 300, and implements functions for providing general operations and services of the eUICC 300. It is.

Referring to FIG. 6, in the PCF providing method according to an embodiment of the present invention, when the PCUI providing method of the eUICC 300 attempts to access the eUICC resource 320 of the eUICC external entity 30 (S600). Inquiring the PCF rule 311 to be applied by the PCF engine 312 in the eUICC (300) (S602) and the PCF application (Enforcement) based on the PCF rule 311 inquired by the PCF engine (312) It may include a step (S604 ~ S608) to perform.

In step S600 described above, the eUICC external entity 30 may not know how the PCF is set in the eUICC resource 320 to which the eUICC external entity 30 wishes to access. In this case, it may initially attempt to access the eUICC resource 320 without prior knowledge of the PCF. (Optionally, it is not recommended that a DoS attack on the eUICC 300 can be attempted.)

In the above-described step S602, the PCF engine 312 refers to the PCF rule 311 to be applied by the PCF 310 internally as described above, and if necessary, the PCF rule 311 in real time. ).

On the other hand, in the above-described step S602, the PCF engine 312 (in the case where step S600 is preceded), the PCF rule (311) excluding the credential among the PCF rules inquired and inquired the PCF rule (311) Can be delivered to the eUICC external entity 30 (arrows shown by dashed lines) to reveal and carry out future procedures.

In the "PCF application execution step" performed after the above-described step S602, the PCF engine 312 receives a PCF Enforcement request from the eUICC external entity 30 and performs a response to perform a security operation required for applying the PCF rule. Performing step (S604), calculating the PCF application result based on the PCF application request received from the eUICC external entity (30) by the PCF engine (312), and applying the PCF calculated by the PCF engine (312) And transmitting the result to the eUICC external entity 30 (S608).

In step S604 described above, the eUICC external entity 30 performs a PCF Enforcement request based on the PCF rule 311 received from the PCF rule 311 or the PCF engine 312 that it knows, and accordingly In response to the PCF application request, the PCF engine 312 performs a security operation necessary for applying the PCF rule.

In the above-described step S606, the PCF engine 312 is based on the PCF rule application request (eg MAC (Message Authentication Code), PIN, security key, digital signature, etc.) delivered by the eUICC external entity 30 based on the result of applying the PCF rule. Calculate

In step S608, the PCF engine 312 transmits the PCF rule application result (eg, Access Granted / Denied, Operation Permitted / Denied, etc.) to the eUICC external entity 30.

In step S608, the eUICC external entity 30 that has received the PCF rule application result may perform actions that are intended to be performed, based on the PCF rule application result of the PCF engine 311.

As described above, the present invention clearly defines the function and structure of the Policy Control Function (PCF) of the eUICC 300.

In addition, the present invention may provide a method for providing a policy control function of the eUICC 300 according to a defined function and structure.

In addition, the present invention can provide a detailed structure of the policy control function of the eUICC (300) and a PCF operation method through the same.

Using the present invention as described above, it is possible to establish and apply a policy for the profile, various common files, and the like in the eUICC (300). Extensive PCF rule provision method provides flexibility in responding to necessary actions, targets, and confidential information as the eUICC (eSIM) environment changes in the future. It may provide a basic structure of the PCF rule 311 does not exist. As an operation of the PCF engine 312, eUICC resources (eSIM resources) 320 such as files, profiles, and PCF rules to which PCF rules are applied may be safely managed and utilized.

The above description is merely illustrative of the technical idea of the present invention, and those skilled in the art to which the present invention pertains may make various modifications and changes without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited thereto. The protection scope of the present invention should be interpreted by the following claims, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of the present invention.

CROSS-REFERENCE TO RELATED APPLICATION

This patent application is related to the patent application No. 10-2011-0113374 filed in Korea on November 2, 2011 and the patent application No. 10-2012-0117969 filed in Korea on October 23, 2012. Priority is claimed under section (a) (35 USC § 119 (a)), all of which is incorporated by reference in this patent application. In addition, if this patent application claims priority for the same reason for countries other than the United States, all its contents are incorporated into this patent application by reference.

Claims (15)

Embedded UICC (eUICC) for providing Policy Control Function (PCF), PCF Rule containing the policy information (PCF Rule); And eUICC eUICC including a PCF engine to perform a policy based on the PCF rules when attempting to access the PCF application target of the external object. The method of claim 1, The PCF rule is an eUICC, characterized in that the file in the form of one or more of extensible type length value (TLV) and XML (eXtensible Markup Language) containing the policy information to be applied by the PCF engine. The method of claim 1, The PCF rule is eUICC, characterized in that for defining at least one of the object to be protected, the operation to be applied to the object, the secret information required for the operation, the secret-based security method. The method of claim 3, The protected object is eUICC, characterized in that one of a file, an application and a profile. The method of claim 3, The protection target is eUICC, characterized in that the PCF rule itself. The method of claim 3, The operation to be applied to the protection target is one of Read, Write, Update, Lock, Unlock, Delete, Backup, and Select. EUICC characterized by including the above. The method of claim 3, The secret information includes a user identification number (PIN) and a credential defined in an eUICC environment. The method of claim 3, The security method may include one or more security functions that can be provided among encryption, authentication, and integrity, and security algorithm information applied to provide the security function. eUICC. The method of claim 1, The PCF engine, eUICC, characterized in that when the eUICC external object attempts to access the PCF application target, the rights for the operation of the eUICC external object is obtained so that the eUICC external object performs the operation. The method of claim 1, And the PCF engine performs one or more security associations of encryption, authentication, and integrity verification based on the PCF rule when the eUICC external entity attempts to access a PCF application target. The method of claim 1, The PCF application object is eUICC, characterized in that it comprises one or more of a common file for various management purposes in the eUICC, a profile mounted in the eUICC, and a detailed item present in each profile. The method of claim 1, The eUICC external entity is an entity that performs an operation on the eUICC, eUICC, characterized in that it comprises one or more of a mobile network operator (MNO), a manufacturer, a service provider, a subscription manager (SM). As a method of providing a Policy Control Function (PCF) of an embedded UICC (eUICC), When the PCF engine in the eUICC attempts to access an eUICC resource of an eUICC external entity (S600), inquiring a PCF rule to be applied; And And the PCF engine performing the PCF enforcement based on the PCF rule. The method of claim 13, Performing the PCF application, Receiving, by the PCF engine, a PCF Enforcement request from the eUICC external entity and performing a response to perform a security operation necessary for applying a PCF rule; Calculating, by the PCF engine, a PCF application result based on a PCF application request received from the eUICC external entity; And And delivering, by the PCF engine, the calculated PCF application result to the eUICC external entity. The method of claim 13, In the querying step, the PCF engine, Method of providing a policy control function of the eUICC characterized in that the publicly available PCF rules, except for the credential among the inquired PCF rules are delivered to the eUICC external entity.

Images