[go: up one dir, main page]

WO2014077544A1 - Procédé de configuration d'un profil de module d'authentification de souscripteur intégré et installé dans un dispositif de terminal, et appareil l'utilisant - Google Patents

Procédé de configuration d'un profil de module d'authentification de souscripteur intégré et installé dans un dispositif de terminal, et appareil l'utilisant Download PDF

Info

Publication number
WO2014077544A1
WO2014077544A1 PCT/KR2013/010022 KR2013010022W WO2014077544A1 WO 2014077544 A1 WO2014077544 A1 WO 2014077544A1 KR 2013010022 W KR2013010022 W KR 2013010022W WO 2014077544 A1 WO2014077544 A1 WO 2014077544A1
Authority
WO
WIPO (PCT)
Prior art keywords
profile
data
euicc
attribute data
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2013/010022
Other languages
English (en)
Korean (ko)
Inventor
서명희
김관래
박철현
이진형
이형진
정윤필
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KT Corp
Original Assignee
KT Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020130058111A external-priority patent/KR102164447B1/ko
Application filed by KT Corp filed Critical KT Corp
Priority to US14/443,788 priority Critical patent/US9706407B2/en
Publication of WO2014077544A1 publication Critical patent/WO2014077544A1/fr
Anticipated expiration legal-status Critical
Priority to US15/645,123 priority patent/US10334443B2/en
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183Processing at user equipment or user record carrier

Definitions

  • the present invention relates to a profile configuration in a subscriber authentication module, and relates to a profile configuration method of a subscriber authentication module installed in a terminal device and an apparatus using the same.
  • a UICC Universal Integrated Circuit Card
  • the UICC may include Network Access Applications (NAA), which are applications for accessing various networks of operators such as Universal Subscriber Identity Module (USIM) for WCDMA / LTE network access and Subscriber Identity Module (SIM) for GSM network access.
  • NAA Network Access Applications
  • USIM Universal Subscriber Identity Module
  • SIM Subscriber Identity Module
  • eSIM embedded SIM
  • eUICC embedded SIM
  • eUICC provides network access authentication function similar to existing detachable UICC, but due to its physical structure, eUICC should be able to handle network access of multiple operators with one UICC, and there are many issues such as eUICC opening / distribution / subscriber information security. And it is necessary to prepare a plan for this.
  • international standardization bodies such as GSMA and ETSI are conducting standardization activities on relevant elements such as carriers, manufacturers and SIM vendors, as well as necessary elements including top-level structures.
  • WG working group
  • An object of the present invention for overcoming the above-described problem is to provide a profile configuration method of a subscriber authentication module that is installed embedded in the terminal device.
  • ETSI defines profile type and usage definition and basic data to be included. However, the details of the management data, support command interface, function, and the like of the profile type and the application method thereof have not been discussed yet.
  • Another object of the present invention is to provide an apparatus using the profile composition method.
  • a subscriber authentication device embedded in a terminal device includes one or more profiles including a set of one or more network connection application-related data and having a unique identifier.
  • the network connection application related data includes one or more network connection applications and an associated connection authentication key.
  • the network connection application may include at least one of parameter data and a file structure for network connection.
  • a profile according to the present invention manages one or more of profile attribute data and profile policy rules.
  • the profile attribute data may include at least one of profile identifier, profile type, profile status information, network operator information, network connection application list belonging to the profile, privilege, size of profile data, profile version, and type of profile support terminal. It may include.
  • the profile policy rule may include one or more rules of whether profile deletion is allowed, profile state change notification, profile state change allowed, profile type change allowed, and profile initialization.
  • the profile may further include an interface for interfacing with an object located in or outside the subscriber authentication device.
  • the profile may also provide secure messaging for communication with objects located within or outside the subscriber authentication device.
  • the interface receives an incoming message for at least one of profile selection, the profile attribute data related management, profile state change, security authentication, profile management key management, and profile registration related management and returns a corresponding value.
  • a terminal device includes a subscriber authentication device including one or more profiles including a set of one or more network connection application-related data and having a unique identifier and installed in a terminal device; It includes a subscriber management module to interwork with the subscriber authentication module.
  • the subscriber management module transmits a change or inquiry request for profile related information to the subscriber authentication module.
  • the subscriber authentication module returns a response value according to the change or inquiry request to the subscriber management module.
  • Profile related information includes one or more of profile attribute data and profile policy rules.
  • a method of configuring a profile includes configuring at least one profile including a set of at least one network connection application related data and having a unique identifier.
  • the method may further include receiving a change or inquiry request for profile related information from an object located in or outside the subscriber authentication apparatus.
  • the method may further include returning a response value according to the change or inquiry request to an object located inside or outside the subscriber authentication device.
  • Profiles according to the invention may manage one or more of profile attribute data and profile policy rules.
  • the profile attribute data may include at least one of profile identifier, profile type, profile status information, network operator information, network connection application list belonging to the profile, privileges, size of profile data, profile version, and type of profile support terminal. It may include.
  • the profile policy rule may include one or more rules of whether profile deletion is allowed, profile state change notification, profile state change allowed, profile type change allowed, and profile initialization.
  • each profile attribute data and profile policy rule may be defined as a separate elementary file under an application-specific file (ADF).
  • ADF application-specific file
  • the profile attribute data and the profile policy rule may be defined as one elementary file under a master file.
  • the profile attribute data and profile policy rule may be defined as a data object template in a profile.
  • the present invention defines network management service providers, eUICC manufacturers, terminal manufacturers, and the like by defining contents related to profile management data, external interworking interfaces, and security features necessary for the eUICC internal management module or an external interworking device to manage profiles installed on the eUICC. It will enable efficient and fast eUICC development and service provision of eco-system operators.
  • FIG. 1 is a diagram illustrating a connection relationship between an eUICC and a peripheral external device according to an embodiment of the present invention.
  • FIG. 2 is a block diagram of an eUICC module according to an embodiment of the present invention.
  • Figure 3 shows an embodiment of a profile configuration method according to the present invention.
  • FIG. 4 shows another embodiment of a method for constructing a profile according to the present invention.
  • FIG. 5 shows another embodiment of a method for constructing a profile according to the present invention.
  • FIG. 6 shows an embodiment of a profile selection method according to the present invention.
  • FIG. 7 illustrates an embodiment of a profile attribute data or policy rule query method according to the present invention.
  • FIG. 8 illustrates another embodiment of a profile attribute data or policy rule query method according to the present invention.
  • FIG. 9 illustrates an embodiment of an interworking interface when adding or modifying profile attribute data and policy rules according to the present invention.
  • FIG. 10 illustrates another embodiment of an interworking interface when adding or modifying profile attribute data and policy rule according to the present invention.
  • FIG. 11 illustrates an embodiment of an interworking interface for changing a profile state according to the present invention.
  • FIG. 12 illustrates an embodiment of a security authentication method with a profile and an external companion device according to the present invention.
  • FIG. 13 illustrates an embodiment of an interworking protocol when an external companion device sets or changes a profile management key according to the present invention.
  • FIG. 14 illustrates an embodiment of an interworking protocol for registering profile information according to the present invention.
  • 16 is a flowchart illustrating a method of configuring a profile according to an embodiment of the present invention.
  • eUICC embedded UICC
  • eSIM embedded SIM
  • terminal refers to a mobile station (MS), user equipment (UE), user terminal (UT), wireless terminal, access terminal (AT), terminal, subscriber unit (Subscriber Unit). May be referred to as a subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit / receive unit (WTRU), a mobile node, mobile or other terms.
  • SS subscriber station
  • WTRU wireless transmit / receive unit
  • Various embodiments of the terminal may be photographed such as a cellular telephone, a smart phone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, or a digital camera having a wireless communication function.
  • PDA personal digital assistant
  • Devices, gaming devices with wireless communications capabilities, music storage and playback appliances with wireless communications capabilities, internet appliances with wireless Internet access and browsing, as well as portable units or terminals incorporating combinations of such functions. have.
  • the terminal may include a machine to machine (M2M) terminal, a machine type communication (MTC) terminal / device, but is not limited thereto.
  • M2M machine to machine
  • MTC machine type communication
  • each block or step described herein may represent a portion of a module, segment, or code that includes one or more executable instructions for executing a particular logical function (s).
  • a particular logical function s.
  • the functions noted in the blocks or steps may occur out of order. For example, it is also possible that two blocks or steps shown in succession are performed simultaneously, or that the blocks or steps are sometimes performed in the reverse order, depending on the function in question.
  • the profile on the eUICC includes a network operator's unique data, key information, and the like, and can be created and managed by a network operator or a third party delegated by the network operator.
  • a standardized interworking interface provided by the profile for the external interworking device 400 (eg, SM) or the eUICC internal management module is required.
  • the profile can manage and provide externally.
  • SMs subscriber management modules
  • eUICC eUICC internal management modules
  • the present invention defines items to be basically provided according to profile types such as attribute data and policy rules, interworking interfaces, and security functions managed by the profile, and a method of applying the same and the actual method
  • profile types such as attribute data and policy rules, interworking interfaces, and security functions managed by the profile
  • security functions managed by the profile
  • a profile according to the invention is a module comprising one or more network connection applications (including parameter data, file structures, etc. for network connection) and network connection credentials. Profiles can be accessed with unique values (IDs) on the eUICC, and the types of profiles include provisioning profiles and operator profiles.
  • IDs unique values
  • the provisioning profile when installed on the eUICC, provides access to the eUICC between the eUICC and the Subscription Manager-Secure Routing (SM-SR) and profile management.
  • SM-SR Subscription Manager-Secure Routing
  • a profile that contains one or more network connection applications and associated network connection credentials that enable it.
  • An operator profile is a profile that includes one or more network connection applications and associated connection credentials.
  • the profile configuration method according to the present invention largely includes basic attribute data and policy rule management method of a profile, an eUICC internal or external interworking interface providing method for profile management, and a profile security method.
  • a first embodiment of the profile construction method according to the present invention comprises a profile including attribute data and policy rules of the profile.
  • the attribute data of the profile includes a profile identifier, a profile type, status information, network operator (MNO) information, a network access application (NAA) list belonging to the profile, a privilege, and profile data.
  • MNO network operator
  • NAA network access application
  • policy rules of the profile include policy rules for one or more of whether profile deletion is allowed, profile state change notification, profile state change is allowed, and profile type change is allowed.
  • a second embodiment of the profile configuration method according to the present invention comprises an eUICC internal or external interworking interface for profile management.
  • the eUICC internal or external interworking interface may include an interface for selecting a profile, an interface for inquiring, adding, and modifying profile data and policy rules, an interface for changing profile state, an external profile and an eUICC external object (or an internal eUICC). Object), an interface for setting and changing a profile management key, an internal interface for registering or unregistering with eUICC when installing or deleting a profile.
  • a third embodiment of a profile configuration method according to the present invention includes a profile security method.
  • the profile security method the property data of the profile through the secure messaging (ecure messaging) with the eUICC internal or external interworking device 400, over the air (OTA), policy rule data management (for example, issuing, Profile security is performed using one or more of the following methods.
  • the attribute data and policy rule data that the profiles basically manage and provide are defined.
  • the present invention proposes embodiments for defining an interface for interworking with an internal or external eUICC and using the interface.
  • the present invention defines the security functions that the profile must provide.
  • the present invention proposes a basic data included in the configuration profile and a data structure for managing the same.
  • FIG. 1 is a diagram illustrating a connection relationship between an eUICC and a peripheral external device according to an embodiment of the present invention.
  • the eUICC 100 includes one or more profiles as shown in FIG. 1. As shown in FIG. 1, there may be several profiles in the eUICC, and if only a profile block is loaded, it is a loaded profile, and the installed profile is either an enabled profile 5100 or an inactive depending on the state. (disabled) in the form of a profile 5200.
  • the eUICC 100 may also include a Mobile Network Operator-Over The Air (MNO-OTA) 200, an MNO Core Network 300, one or more Subscription Manger-Secure Routing (SM-SR) 410, one or more SM- It may be connected with a subscription manger-data preparation (DP) 420.
  • MNO-OTA Mobile Network Operator-Over The Air
  • MNO Core Network 300 MNO Core Network 300
  • SM-SR Subscription Manger-Secure Routing
  • DP subscription manger-data preparation
  • the MNO-OTA 200 and the MNO core network 300 are operated by an entity that provides a communication service to customers through a mobile network, that is, a mobile network operator, and communicate with a terminal. As shown in FIG. 1, the MNO-OTA 200 provides a profile content access credentials to the eUICC 100.
  • the SM-SR 410 plays a role of safely performing a function of directly managing service provider profiles and configuration profiles on the eUICC.
  • the SM-DP 420 prepares the operator profile and the configuration profile to be securely provisioned on the eUICC, for example, encrypts the profile.
  • the subscriber management module which is a concept of integrating the SM-SR 410 and the SM-DP 420, may be understood as a system that provides a function for securely managing profiles on an eUICC and provisioning profiles securely on an eUICC. Can be.
  • FIG. 2 is a block diagram of an eUICC module according to an embodiment of the present invention.
  • the components to be described below with reference to FIG. 2 may be defined by functions that each performs as components defined by functional divisions, not physical divisions.
  • Each of the components may be implemented in hardware and / or program code and a processing unit for performing each function, and the functions of two or more components may be included in one component and implemented.
  • the eUICC 100 includes a standard platform and API 120 such as a card operating system 110 and Java Cards.
  • the eUICC 100 is also a module for supporting profiles in the Card Operating System 110 and the upper layers of the standard platform and API 120, and the profile manager 130 and the profile for installing and managing profiles. It may include a profile installer (140).
  • the eUICC 100 includes one or more profiles. Profiles can be classified into several types according to their states. When a profile block is loaded in a memory (for example, EEPROM, Flash memory, etc.) that does not change, it can be defined as a loaded profile 5300.
  • a memory for example, EEPROM, Flash memory, etc.
  • a necessary memory allocation is performed, and when issuance of necessary data may be defined as an installed profile.
  • the installed profile may exist as an enable profile 5100 or a disable profile 5200 depending on the state.
  • the active profile 5100 is a state in which network access applications (NAAs) belonging to the profile are selectable after the profile is installed.
  • the inactive profile 5200 refers to a profile in which a profile is installed but network access applications (NAAs) belonging to the profile are not selectable.
  • the installed profile that is, the active profile 5100 and the inactive profiles 5200 in FIG. 2, includes a content management unit 5101 and a network connection application (NAA) that provide a function of remotely managing data of the profile.
  • NAA network connection application
  • the installed profile also includes a profile registry 5110 for managing profile attribute data and policy rules and a Policy Enforcement Function 5120 for performing profile related policy rules.
  • policy rules refer to an operation required to implement an eUICC management policy related to eUICC remote management.
  • the profile installation unit 140 has a key (credentials) for installing the profile instance (instance) as a module for verifying, decrypting, installing the profile data.
  • the profile manager 130 may include a profile block management, a profile information registry, and a profile enforcement policy.
  • Profile block management is a module that manages encrypted data blocks when a profile is installed, and has a key for installing, deleting, activating, and deactivating a profile.
  • the profile information repository manages the profile list installed in association with the profile installation unit, the NAA list of the corresponding profile, the profile state, and the profile type information.
  • the profile related policy execution unit manages the profile related policies and applies them.
  • Attribute data managed by a profile according to the present invention may include data as illustrated below.
  • NAA Network Access Applications
  • profile identifier, profile type, and profile state information are preferably included as profile attribute data, and other attribute data may be additionally included.
  • policy rule data managed by the profile according to the present invention may include one or more of the data as illustrated below.
  • each attribute data or each policy rule data is managed in the form of an elementary file (EF).
  • EF elementary file
  • all attribute data and policy rule data are managed in the form of one elementary file (EF)
  • EF elementary file
  • data object template data object template
  • Figure 3 shows an embodiment of a profile configuration method according to the present invention.
  • FIG. 3 shows a preferred embodiment of a method of managing in an EF form having respective data, which is the first method.
  • Attribute data and policy rule data may be defined in the form of EF under MF (Master File).
  • each EF file may have a file ID of '2FXX' according to the ISO7816-4 standard.
  • each EF file is a file ID of '6FXX' according to the ISO / IEC 7816-4 standard. May have The access rights of each EF file can be defined according to the service environment of eUICC.
  • One embodiment of the profile type data definition among the attribute data or policy rule data of the profile according to the present embodiment is shown in the form of coded with one byte of data as shown in the second shown table of FIG. 3.
  • profile attribute data and policy rules in particular, an embodiment of a profile privilege related data definition may also be represented in a coded form as in the last table of FIG. 3.
  • Profile privilege related data may have one or more of the following items.
  • ⁇ Default Selected A specific profile is automatically selected on the basic logical channel after an eUICC reset.
  • an operation profile may provide a service for providing external object access information.
  • attribute data and policy rule data other than the profile type and privilege data may also be defined in an EF form similar to the table shown in FIG. 3. . That is, the present invention does not define all the data, but may include all the definitions of the EF type that can be generally considered.
  • FIG. 4 shows another embodiment of a method for constructing a profile according to the present invention.
  • Figure 4 shows a preferred embodiment of the second method of the profile configuration method according to the present invention.
  • the attribute data and policy rule data management file may be defined in the EF form under MF (Master File).
  • the EF file may have a file ID in the form of '2FXX' according to the ISO7816-4 standard.
  • the corresponding EF file is a file ID of '6FXX' according to the ISO / IEC 7816-4 standard. May have The access rights of the EF file can be defined according to the service environment of eUICC.
  • FIG. 5 shows another embodiment of a method for constructing a profile according to the present invention.
  • Figure 5 shows a preferred embodiment of the third method of the profile configuration method according to the present invention.
  • FIG. 5 is a table illustrating object templates in the case of managing the attribute data of the profile and the policy rule data in the form of a data object template in the profile.
  • Tag values and the like defined in the table shown in FIG. 5 are arbitrarily defined values, and forms in which each data is defined as a general Tag Length Value (TLV) data structure may be considered to conform to the structure of the present invention.
  • TLV Tag Length Value
  • the interworking interface with the eUICC internal and external objects provided by the profile according to the present invention includes at least one of the commands or functions defined below.
  • the profile selection method which is the first embodiment of the profile interworking interface according to the present invention, can be classified into two types.
  • the first method is to explicitly select a specific profile by sending a "selection" command using the external companion device 400 (or eUICC internal module) profile ID
  • the second method is to implicitly select a specific profile. Way.
  • FIG. 6 shows an embodiment of a profile selection method according to the present invention.
  • FIG. 6 illustrates an embodiment of an interworking protocol in which the external companion device 400 selects a profile when the specific profile is explicitly selected using the profile ID.
  • the profile 5000 may support a SELECT command which is a file selection command defined in the ETSI TS 102 221 and the Global Platform standard as a command for selecting a profile.
  • the external companion device 400 may select a specific profile through a SELECT command provided by the profile 5000 (S610).
  • the external companion device 400 may be, for example, a device such as a terminal or an SM.
  • the external companion device 400 may be an eUICC internal module.
  • the eUICC internal module may be a profile manager 130.
  • File control information may be returned as response data to the file selection command S610 (S620).
  • the file control information may include a profile ID, profile status information, profile data size, and the like.
  • the eUICC 100 may check whether the corresponding profile is a profile installed on the eUICC through the received file control information and process the corresponding profile to be selected.
  • the specific profile has an implicit selection privilege or is enabled in the eUICC. If only one exists, the eUICC 100 may implicitly select the profile. In this case, the external companion device 400 may implicitly select a specific profile 5000 only by resetting the eUICC 100 without transmitting an instruction for selecting the profile 5000 to the eUICC 100.
  • the method for querying the above-described profile attribute data and policy rule in the external companion device 400 or the eUICC internal module may be a data management scheme, that is, whether the attribute data and policy rule data are EF files in the profile. There are two ways to distinguish between data objects.
  • the profile may support a command to select an EF file and read the file data.
  • the external companion device 400 or the eUICC internal module may inquire necessary data through a command provided by the profile 5000.
  • FIG. 7 illustrates an embodiment of a profile attribute data or policy rule query method according to the present invention.
  • FIG. 7 illustrates an embodiment of an interworking protocol in which the external companion device 400 inquires data when the attribute data and the policy rule are in the EF form.
  • the profile 5000 is a command for reading data according to an EF file type and may support a READ BINARY or READ RECORD command, which is a general file reading command defined in ISO / IEC 7816-4 and ETSI 102 221.
  • the external companion device 400 may inquire the attribute data and the policy rule of the profile by using the READ BINARY or READ RECORD command S710 supported by the profile 5000.
  • the profile 5000 checks the file read access condition and returns data of the corresponding file only when the access condition is satisfied (S720).
  • the attribute data and policy rules are applied when they are managed in the form of data objects.
  • FIG. 8 illustrates another embodiment of a profile attribute data or policy rule query method according to the present invention.
  • FIG. 8 illustrates an embodiment of an interworking protocol in which the external companion device 400 inquires data when the attribute data and policy rule data are in the form of a data object.
  • the profile 5000 supports a command for querying a data object, thereby providing a function for the external companion device 400 to query profile attribute data and policy rules through the command.
  • the profile 5000 is a command for inquiring a data object and can support a GET DATA command defined in ISO / IEC 7816-4 and a global platform.
  • the external companion device 400 can search for attribute data through a GET DATA command. Inquire (S810). In this case, the external companion device 400 may call the GET DATA command without a parameter to query the entire profile management data.
  • the profile 5000 checks the validity of the parameter and returns the corresponding data object or the entire data object (S820).
  • the external companion device 400 may be, for example, a device such as a terminal or an SM.
  • the external interworking device 400 may be replaced with an eUICC internal module, and in this case, the eUICC internal module may be the profile manager 130.
  • the profile 5000 may support a selection of an EF file and a file update command.
  • EF elementary file
  • FIG. 9 illustrates an embodiment of an interworking interface when adding or modifying profile attribute data and policy rules according to the present invention.
  • FIG. 9 illustrates an embodiment of an interworking protocol in which the external companion device 400 adds / modifies data when the attribute data and the policy rule are in the EF form.
  • the external companion device 400 may add or modify necessary data by selecting an EF file (S910) and a command (S930) for updating file data.
  • the profile 5000 may support an UPDATE BINARY or UPDATE RECORD command, which is a general file update command defined in ISO / IEC 7816-4 and ETSI 102 221, as a data update command according to the type of an EF file.
  • UPDATE BINARY or UPDATE RECORD command which is a general file update command defined in ISO / IEC 7816-4 and ETSI 102 221, as a data update command according to the type of an EF file.
  • the external companion device 400 may modify data of the EF file by using an UPDATE BINARY or UPDATE RECORD command provided by the profile 5000 (S930).
  • Profile data to be modified can be set in the data field of the UPDATE BINARY command.
  • the record number and the data to be modified can be set in the data field of the UPDATE RECORD command.
  • the profile checks the file update access condition and checks whether the access condition is satisfied. In addition, the profile checks that the policy does not violate a specific policy rule (for example, whether to allow the type change, whether to change the state, etc.) and if it is found to return a policy violation error (S940). If this does not violate, update the data in the file.
  • a specific policy rule for example, whether to allow the type change, whether to change the state, etc.
  • FIG. 9 illustrates a procedure (S920) of inputting a VERIFY PIN which is an administrator authentication value (ADM) authentication command when the file update access condition is an administrator's authority.
  • the file can be updated only when the administrator authentication value is normally authenticated.
  • FIG. 10 illustrates another embodiment of an interworking interface when adding or modifying profile attribute data and policy rule according to the present invention.
  • FIG. 10 illustrates an embodiment of an interworking protocol in which the external companion device 400 adds / modifies data when the attribute data and the policy rule are in the form of a data object.
  • the external companion device 400 may add / modify attribute data and policy rule data of a profile by using a command for updating a data object.
  • the profile 5000 is a command for adding / modifying data objects and may support the PUT DATA command defined in ISO / IEC 7816-4.
  • the external companion device 400 may add / modify profile attribute data and policy rules using the PUT DATA command provided by the profile 5000 (S1010).
  • one or more data objects can be updated by setting one profile data object or a data object group of a nested structure.
  • the profile 5000 checks the data update right condition (for example, mutual authentication through a key) to check whether the right condition is already satisfied. In addition, the profile 5000 checks whether it does not violate a specific policy rule (for example, whether to allow a type change, whether to change the state, etc.), and returns a policy violation error if it violates (S1020). If it does not violate, add / modify the data object value.
  • a specific policy rule for example, whether to allow a type change, whether to change the state, etc.
  • a method of querying the state of the profile in the external companion device 400 or the eUICC internal module is similar to the embodiments of FIGS. 7 and 8, and is defined in the profile attribute data and the policy rule query interworking interface item.
  • Profile status can be queried using the same method as the profile attribute data and policy rule data query method.
  • the method of changing the state of the profile in the external companion device 400 or the eUICC internal module can be largely divided into two types.
  • the first method is a method of changing a specific file or data object by using the same method as described with respect to the addition and modification of profile attribute data and policy rule, as described above with reference to the embodiments illustrated in FIGS. 9 and 10. You can change the status with.
  • the second method of changing the state of the profile according to the present invention is a method of changing the state through a specific command for changing the state information in order to grant and manage the state information management authority separately.
  • the profile 5000 may support an instruction for changing the state of the profile.
  • the external companion device 400 may change the profile state by using a state change command provided by the profile.
  • FIG. 11 illustrates an embodiment of an interworking interface for changing a profile state according to the present invention.
  • FIG. 11 illustrates an embodiment of an interworking protocol in which the external interworking device 400 changes a state of a profile by using a state change command provided by the profile 5000.
  • the SET STATUS command defined in the global platform may be supported.
  • the external companion device 400 may change the active profile to the inactive state or change the inactive profile to the active state by using the SET STATUS command (S1110).
  • the external companion device 400 may call the profile state change command after performing mutual authentication with the eUICC according to the security setting of the eUICC in order to change the state of the profile 5000.
  • the profile 5000 checks whether a policy state change allowance policy rule exists and does not violate the policy. If the policy is violated, an appropriate error is returned. If not violating the policy, the profile 5000 changes the state of the profile itself to match the state sent (active / inactive) as a parameter of the SET STATUS command. At this time, if there is a policy rule of status change notification of the profile and the value is set, the profile returns a value according to a method of notifying the status change of the profile.
  • an OTA (Over The Air) method using a short message service (SMS) may be used as a method of notifying a state change of the profile 5000.
  • SMS short message service
  • the profile 5000 notifies the status change by the OTA method using the SMS
  • the profile 5000 returns a success message including the value '91XX' as the status word (S1120).
  • the terminal or the external companion device 400 reads the OTA message from the eUICC 100 and transmits the OTA message to the OTA system of the service provider MNO of the profile 5000.
  • the service provider may check that the state of the profile 5000 of the eUICC 100 is changed.
  • the security authentication method between the profile and the external interworking device (or the eUICC internal module) according to the present invention may have various methods depending on the key data and the authentication method used for the security authentication.
  • the mutual authentication method and the mutual authentication method through a certificate are mentioned.
  • the first method may use a secure channel protocol '02' using a shared key defined in a global platform.
  • Profiles may support commands to support secure authentication.
  • FIG. 12 illustrates an embodiment of a security authentication method with a profile and an external companion device according to the present invention.
  • FIG. 12 illustrates an embodiment of a mutual security authentication method using a shared key between a profile and an external companion device.
  • the profile 5000 may support INIT UPDATE and EXTERNAL AUTHENTICATE commands provided by a global platform in order to support mutual security authentication using a shared key.
  • the external interworking device 400 performs a procedure of verifying whether the correct keys are owned by each other by using keys previously shared with each other by using an INIT UPDATE S1210 and EXTERNAL AUTHENTICATE S1230 command.
  • the external companion device 400 generates a random value, sets the data as an INIT UPDATE command, and transmits the data to the profile (S1210).
  • the profile 5000 generates a session key using the shared key and returns a random value of the card and a value obtained by encrypting the random value to the external companion device 400 (S1220).
  • the external companion device 400 also generates a session key using the shared key and verifies whether the encrypted data received from the profile is correct.
  • the external companion device 400 encrypts the random value generated by the external companion device 400 and transmits the encrypted random value to the profile 5000 (S1230).
  • the profile 5000 checks whether the encrypted value transmitted by the external companion device 400 is correct and returns a success / failure result (S1240).
  • a certificate-based secure channel protocol '10' provided by a global platform may be used.
  • the procedures and commands of the secure authentication method can follow the method defined in the global platform.
  • a method of changing the management key of the profile in the external companion device a method of performing a separate key management command may be used. Since the management key may be only a module having a specific authority, the command may be executed after the authority verification is performed through the security authentication method described above with respect to the security authentication between the profile and the external companion device.
  • FIG. 13 illustrates an embodiment of an interworking protocol when an external companion device sets or changes a profile management key according to the present invention.
  • the profile 5000 provides a command for changing a management key, wherein the command may be a PUT KEY command defined in a global platform for key setting / change.
  • the external companion device 400 may set / change a profile management key by using a PUT KEY command provided by the profile 5000.
  • the profile 5000 has a security authentication scheme policy in order to obtain the authority to set / change the management key
  • the external companion device 400 as described above with reference to the embodiment of FIG.
  • the authentication procedure described in the security authentication related part with the companion device 400 (or the eUICC internal module) may be previously performed.
  • the external companion device 400 may set a key index and new key data to be set or changed as a data field of the PUT KEY command (S1310).
  • the profile 5000 checks whether the security policy is normally performed before the command call, so that the security policy is not violated. If the profile 5000 does not violate the security policy, the profile 5000 sets or changes new key data and transmits the result value to the external companion device 400.
  • the method of registering the profile 5000 to the eUICC internal module 150 when installing the profile 5000 may include a method in which the profile uses a profile registration interface provided by the eUICC internal module 150.
  • the eUICC internal module 150 may collectively manage profile attribute information such as a profile list installed on the eUICC, a type / status / NAA list of each profile, and the like.
  • the eUICC internal management module 150 according to the present invention may be, for example, the profile manager 130, the eUICC platform 120, and the like, which have been described with reference to FIG. 2.
  • the eUICC internal module 150 may provide a profile registration interface to obtain information of the profile.
  • the profile 5000 may register information such as a profile identifier, a profile type, a status, a NAA list, and the like into the eUICC internal module 150 at the time when the profile 5000 is installed in the eUICC using the profile registration interface.
  • FIG. 14 illustrates an embodiment of an interworking protocol for registering profile information according to the present invention.
  • FIG. 14 illustrates an embodiment of an interworking protocol in which a profile registers profile information in an eUICC internal module.
  • the eUICC internal management module 150 may provide a REGISTER command as an internal interface (API) for registering the profile 5000.
  • API internal interface
  • the profile 5000 calls the REGISTER command provided by the eUICC internal management module 150 at the time when profile installation is completed, and sends profile information (profile identifier, type, status, NAA list, etc.) to the eUICC internal management module 150. It is possible to register (S1410).
  • the eUICC internal management module 150 verifies the validity of the profile information and stores and manages it in a memory such as a data store. The eUICC internal management module 150 then returns the profile registration related result value to the profile 500 (S1420).
  • REGISTER (Profile ID, Profile Type, NAAs list, initial status) may be mentioned.
  • the REGISTER command is used to register profile information in the eUICC internal management module.
  • the parameters may include a profile identifier, a profile type, a list of NAAs belonging to the profile, and a profile state (active / inactive) at the initial installation. .
  • a method of releasing a profile from the profile registration in the eUICC internal management module when deleting a profile may include a method in which a profile uses a profile deregistration interface provided by the eUICC internal management module.
  • the eUICC internal management module 150 may integrally manage profile information installed on the eUICC.
  • the eUICC internal management module 150 may provide a profile deregistration interface to delete information of a registered profile.
  • FIG. 15 illustrates an embodiment of an interworking protocol in which a profile requests a profile deregistration to an eUICC internal management module.
  • the eUICC internal management module 150 may provide a DEREGISTER command as an internal interface for deregistering a profile.
  • the profile 5000 may request to deregister the profile by calling the DEREGISTER command provided by the eUICC internal management module 150 at the start of the profile deletion procedure (S1510).
  • the eUICC internal management module 150 deletes the profile management information after checking whether the profile for which registration is requested is a registered profile identifier.
  • the eUICC internal management module 150 then returns the profile deregistration related result value to the profile 5000 (S1520).
  • An example of an API for deregistering a profile used in the embodiment of FIG. 15 with the eUICC internal management module 150 may include DEREGISTER (Profile ID), and deregistering a profile with the eUICC internal management module. Can be used.
  • the parameter of the DEREGISTER command may include a profile identifier.
  • Profile ensures the confidentiality (confidentiality) and integrity (integrity) of the command APDU (Application Protocol Data Unit) exchanged with the external interworking device and the eUICC internal management module.
  • command APDU Application Protocol Data Unit
  • a profile according to the present invention uses a secure channel as a way to guarantee the confidentiality and integrity of the command APDU.
  • the secure channel generation method performs security authentication as defined in the security authentication related part between the profile and the external interworking device (or the eUICC internal module) as described in the embodiment of FIG. 12, and sets the security level when the security authentication is successfully performed. And session key generation is complete.
  • the profile and the external interworking device may ensure the confidentiality and integrity of the command APDU by generating the data encryption and data authentication code (MAC) of the command through the generated session key and adding it to the APDU.
  • MAC data encryption and data authentication code
  • Command security message method through secure channel is performed by external interworking device (or eUICC internal management module) with specific authority in eUICC management policy such as changing profile status, adding / modifying profile attribute data and policy rule, setting / changing profile management key. Applicable only when performing a possible interface.
  • Profiles according to the present invention also support remote management of profile attribute data and policy rule changes, profile state changes, and the like via Over The Air (OTA).
  • OTA Over The Air
  • the key for the secure channel and the OTA management function of the profile according to the invention is managed separately and securely.
  • each key can be changed to a new key by the profile owner according to the method of setting or changing the profile management key as described in the embodiment of FIG. 13.
  • the profile owner may be, for example, a network service provider (MNO), a subscriber manager module, or the like.
  • MNO network service provider
  • subscriber manager module a subscriber manager module
  • 16 is a flowchart illustrating a method of configuring a profile according to an embodiment of the present invention.
  • the profile configuration method according to the present invention illustrated in FIG. 16 may be mainly performed by a subscriber authentication module installed in a terminal device, for example, an eUICC.
  • the profile configuration method largely comprises the steps of installing one or more profiles (S1610), registering the installed profile (S1620), receiving a change or inquiry request for the installed one or more profiles (S1630), changing Alternatively, the method may include performing an operation according to the inquiry request (S1640), and returning a response value of the operation for the change or inquiry request (S1650).
  • one or more profiles may be distinguished by a unique identifier.
  • receiving a change or inquiry request for the installed one or more profiles specifically, for example, receiving a profile state change request (S1631), receiving a profile deletion request (S1632), attributes Receiving a data or policy rule change request (S1633), receiving a property data or policy rule inquiry request (S1634), and receiving a profile management key change request (S1635).
  • the change or inquiry request for the profile represents only a part of various embodiments that may be considered according to the profile interworking interface according to the present invention, and there may be various profile attribute data or policy rule-related change or inquiry requests. It should be understood.
  • the method for constructing a profile according to the present invention including the above-described steps, operation sequences, and instructions may be implemented as computer-readable program code on a computer-readable recording medium.
  • Computer-readable recording media include all types of recording devices that store data that can be read by a computer system. For example, there are ROM, RAM, CD-ROM, DVD-ROM, Blu-ray, magnetic tape, floppy disk, optical data storage, and the like, and also include those implemented in the form of a carrier wave (eg, transmission over the Internet). .
  • the computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
  • the functional program code for carrying out the technical idea of the present invention can be easily inferred by programmers in the technical field to which the present invention belongs.
  • the present invention relates to a function that a profile must basically provide in order to manage profiles installed on an eUICC by an eUICC internal management module or an external interworking device, and relates to profile management data, an external interworking interface, and a security feature. Contains the content.
  • the external interlocking device and the eUICC internal management module can inquire basic information of the profile, modify the necessary information, and synchronize data between the eUICC internal data and the external management system. It is possible.
  • profile policy rules e.g., network service providers, etc.
  • profile owners e.g., network service providers, etc.
  • the minimum interface required to manage the profile is standardized, so that the external interworking system or the eUICC internal interworking device managing the profile acquires the profile information or the information. And a method for modifying the state and the like.
  • the present invention proposes a method in which the proposed management function can be performed in a secure environment by defining security characteristics of a profile.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé de configuration d'un profil d'un module d'authentification de souscripteur intégré et installé dans un dispositif de terminal, et un appareil l'utilisant. Le module d'authentification de souscripteur intégré et installé dans le dispositif de terminal selon un aspect de la présente invention comprend un ou plusieurs ensembles de données relatifs à l'application d'accès réseau et un ou plusieurs profils ayant des identifiants uniques. La présente invention permet à un fournisseur d'écosystème tel qu'un fournisseur de services réseau, un fabricant d'eUICC, ou un fabricant de terminal de développer une eUICC efficace et rapide et de fournir un service d'eUICC.
PCT/KR2013/010022 2012-11-19 2013-11-06 Procédé de configuration d'un profil de module d'authentification de souscripteur intégré et installé dans un dispositif de terminal, et appareil l'utilisant Ceased WO2014077544A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US14/443,788 US9706407B2 (en) 2012-11-19 2013-11-06 Method for configuring profile of subscriber authenticating module embedded and installed in terminal device, and apparatus using same
US15/645,123 US10334443B2 (en) 2012-11-19 2017-07-10 Method for configuring profile of subscriber authenticating module embedded and installed in terminal device, and apparatus using same

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20120131051 2012-11-19
KR10-2012-0131051 2012-11-19
KR10-2013-0058111 2013-05-23
KR1020130058111A KR102164447B1 (ko) 2012-11-19 2013-05-23 단말 장치에 내장되어 설치되는 가입자 인증 모듈의 프로파일 구성 방법 및 이를 이용하는 장치

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US14/443,788 A-371-Of-International US9706407B2 (en) 2012-11-19 2013-11-06 Method for configuring profile of subscriber authenticating module embedded and installed in terminal device, and apparatus using same
US15/645,123 Continuation US10334443B2 (en) 2012-11-19 2017-07-10 Method for configuring profile of subscriber authenticating module embedded and installed in terminal device, and apparatus using same

Publications (1)

Publication Number Publication Date
WO2014077544A1 true WO2014077544A1 (fr) 2014-05-22

Family

ID=50731405

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/010022 Ceased WO2014077544A1 (fr) 2012-11-19 2013-11-06 Procédé de configuration d'un profil de module d'authentification de souscripteur intégré et installé dans un dispositif de terminal, et appareil l'utilisant

Country Status (1)

Country Link
WO (1) WO2014077544A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016013827A1 (fr) * 2014-07-19 2016-01-28 Samsung Electronics Co., Ltd. Procede et dispositif pour le provisionnement de carte sim embarquee
WO2016043534A3 (fr) * 2014-09-16 2016-05-06 Samsung Electronics Co., Ltd. Procédé de fourniture de service réseau, et dispositif électronique
DE102015000688A1 (de) * 2015-01-20 2016-07-21 Giesecke & Devrient Gmbh Verfahren und Vorrichtungen zum Verwalten von Subskriptionsprofilen auf einem mobilen Endgerät
WO2016201398A1 (fr) * 2015-06-11 2016-12-15 Giesecke & Devrient America, Inc. Gestion de profils actifs multiples de module d'identité d'abonné
CN109068314A (zh) * 2018-09-27 2018-12-21 努比亚技术有限公司 运营商配置文件切换方法、智能设备及可读存储介质
US11140200B1 (en) 2017-12-29 2021-10-05 Juniper Networks, Inc. Distributing a network policy using connectivity fault management
EP3910898A1 (fr) * 2020-05-13 2021-11-17 Giesecke+Devrient Mobile Security GmbH Gestion des règles du profil esim

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20100019235A (ko) * 2008-08-08 2010-02-18 에스케이 텔레콤주식회사 단말기와 스마트 카드 간 인터페이스 시스템 및 그 방법, 그리고 이에 적용되는 스마트 카드
KR20110050426A (ko) * 2008-06-10 2011-05-13 알까뗄 루슨트 액세스 제공 방법, 모바일 단말 및 엔드 디바이스
US20110130117A1 (en) * 2009-12-01 2011-06-02 James Fan Service Models for Roaming Mobile Device
KR20120029466A (ko) * 2009-06-08 2012-03-26 퀄컴 인코포레이티드 사용자 프로파일에 기초하여 가상 sim 서비스 계약들을 스위칭하기 위한 방법 및 장치
EP2461613A1 (fr) * 2010-12-06 2012-06-06 Gemalto SA Procédés et système pour la manipulation de données d'une UICC

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110050426A (ko) * 2008-06-10 2011-05-13 알까뗄 루슨트 액세스 제공 방법, 모바일 단말 및 엔드 디바이스
KR20100019235A (ko) * 2008-08-08 2010-02-18 에스케이 텔레콤주식회사 단말기와 스마트 카드 간 인터페이스 시스템 및 그 방법, 그리고 이에 적용되는 스마트 카드
KR20120029466A (ko) * 2009-06-08 2012-03-26 퀄컴 인코포레이티드 사용자 프로파일에 기초하여 가상 sim 서비스 계약들을 스위칭하기 위한 방법 및 장치
US20110130117A1 (en) * 2009-12-01 2011-06-02 James Fan Service Models for Roaming Mobile Device
EP2461613A1 (fr) * 2010-12-06 2012-06-06 Gemalto SA Procédés et système pour la manipulation de données d'une UICC

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106664544B (zh) * 2014-07-19 2020-03-27 三星电子株式会社 用于嵌入式sim供应的方法和设备
WO2016013827A1 (fr) * 2014-07-19 2016-01-28 Samsung Electronics Co., Ltd. Procede et dispositif pour le provisionnement de carte sim embarquee
CN106664544A (zh) * 2014-07-19 2017-05-10 三星电子株式会社 用于嵌入式sim供应的方法和设备
US9705546B2 (en) 2014-07-19 2017-07-11 Samsung Electronics Co., Ltd Method and device for embedded SIM provisioning
AU2015293001B2 (en) * 2014-07-19 2018-04-05 Samsung Electronics Co., Ltd. Method and device for embedded SIM provisioning
WO2016043534A3 (fr) * 2014-09-16 2016-05-06 Samsung Electronics Co., Ltd. Procédé de fourniture de service réseau, et dispositif électronique
US10142829B2 (en) 2014-09-16 2018-11-27 Samsung Electronics Co., Ltd Method for providing network service and electronic device
DE102015000688A1 (de) * 2015-01-20 2016-07-21 Giesecke & Devrient Gmbh Verfahren und Vorrichtungen zum Verwalten von Subskriptionsprofilen auf einem mobilen Endgerät
WO2016201398A1 (fr) * 2015-06-11 2016-12-15 Giesecke & Devrient America, Inc. Gestion de profils actifs multiples de module d'identité d'abonné
US10237723B2 (en) 2015-06-11 2019-03-19 Giesecke+Devrient Mobile Security America, Inc. Managing multiple active subscriber identity module profiles
US11140200B1 (en) 2017-12-29 2021-10-05 Juniper Networks, Inc. Distributing a network policy using connectivity fault management
CN109068314A (zh) * 2018-09-27 2018-12-21 努比亚技术有限公司 运营商配置文件切换方法、智能设备及可读存储介质
EP3910898A1 (fr) * 2020-05-13 2021-11-17 Giesecke+Devrient Mobile Security GmbH Gestion des règles du profil esim

Similar Documents

Publication Publication Date Title
EP4179751A1 (fr) Procédé et appareil pour installer et gérer de multiples profils esim
WO2016163796A1 (fr) Procédé et appareil de téléchargement d'un profil dans un système de communication sans fil
WO2016024695A1 (fr) Procédé et appareil de téléchargement de profil de dispositifs de groupe
WO2014077544A1 (fr) Procédé de configuration d'un profil de module d'authentification de souscripteur intégré et installé dans un dispositif de terminal, et appareil l'utilisant
WO2020091310A1 (fr) Procédé et appareil de gestion de faisceaux de plateforme sécurisée intelligente
WO2016003200A1 (fr) Procédé et appareil pour l'installation de profil pour carte de circuit integre universelle incorporee
WO2016167536A1 (fr) Procédé et appareil de gestion d'un profil d'un terminal dans un système de communication sans fil
WO2021172873A1 (fr) Procédé et dispositif de gestion et de vérification à distance d'une autorité de gestion à distance
EP3284274A1 (fr) Procédé et appareil de gestion d'un profil d'un terminal dans un système de communication sans fil
WO2021066569A1 (fr) Procédé et appareil permettant la réinstallation d'un profil de sim dans un système de communication sans fil
WO2014030893A1 (fr) Procédé de gestion de profil par module d'authentification d'abonné intégré dans un dispositif terminal, et dispositif d'authentification d'abonné l'utilisant
WO2018147711A1 (fr) Appareil et procédé de contrôle d'accès de esim
WO2013065915A1 (fr) Procédé d'interfonctionnement de confiance entre une région de confiance et une région non de confiance, procédé, serveur et terminal pour commander le téléchargement d'applications de confiance, et système de commande les appliquant
WO2016153303A1 (fr) Procédé et appareil permettant l'installation d'un profil de terminal dans un système de communication sans fil
WO2020226466A1 (fr) Procédé et appareil pour gérer et vérifier un certificat
WO2013036010A1 (fr) Procédé de certification utilisant un certificat d'uicc intégrée, procédés de mise à disposition et de changement de mno utilisant le procédé de certification, uicc intégrée correspondante, système de mno et support d'enregistrement
WO2016080595A1 (fr) Procédé pour fournir un service à numéros multiples
WO2013066077A1 (fr) Procédé pour gérer plusieurs profils dans une carte uicc intégrée, carte uicc intégrée et terminal correspondant
WO2016013846A1 (fr) Procédé de traitement de message de demande dans un système de communications sans fil, et appareil associé
WO2021201644A1 (fr) Procédé et appareil de gestion d'événement pour plate-forme sécurisée intelligente
WO2023158243A1 (fr) Procédé et appareil de transfert et de stockage de code d'activation pour changement de dispositif esim
WO2016133369A1 (fr) Procédé et appareil pour recevoir un profil par un terminal dans un système de communication mobile
WO2020171475A1 (fr) Procédé de changement de dispositif et appareil de système de communication sans fil
WO2014171711A1 (fr) Procédé pour favoriser la politique de restriction des changements de prestataires de services pour l'abonné dans les communications mobiles et appareil associé
WO2022045869A1 (fr) Appareil et procédé de gestion d'événements dans un système de communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13854279

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 14443788

Country of ref document: US

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 04.09.2015)

122 Ep: pct application non-entry in european phase

Ref document number: 13854279

Country of ref document: EP

Kind code of ref document: A1