[go: up one dir, main page]

WO2025099519A1 - Method for associating an embedded universal integrated circuit card with a remote manager module, corresponding device and system architecture - Google Patents

Method for associating an embedded universal integrated circuit card with a remote manager module, corresponding device and system architecture Download PDF

Info

Publication number
WO2025099519A1
WO2025099519A1 PCT/IB2024/060248 IB2024060248W WO2025099519A1 WO 2025099519 A1 WO2025099519 A1 WO 2025099519A1 IB 2024060248 W IB2024060248 W IB 2024060248W WO 2025099519 A1 WO2025099519 A1 WO 2025099519A1
Authority
WO
WIPO (PCT)
Prior art keywords
euicc
association
lot devices
token
manager module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/IB2024/060248
Other languages
French (fr)
Inventor
Luigi Di Maggio
Nicola FATTORUSO
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STMicroelectronics International NV Switzerland
STMicroelectronics International NV
Original Assignee
STMicroelectronics International NV Switzerland
STMicroelectronics International NV
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by STMicroelectronics International NV Switzerland, STMicroelectronics International NV filed Critical STMicroelectronics International NV Switzerland
Publication of WO2025099519A1 publication Critical patent/WO2025099519A1/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/22Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24Transfer of terminal data
    • H04W8/245Transfer of terminal data from a network towards a terminal

Definitions

  • the description relates to integrated circuit cards .
  • One or more embodiments can be applied to integrated circuit cards such as , for instance , embedded UICCs , eUICCs .
  • Integrated circuit cards such as Universal Integrated Circuit Cards , UICCs are widely used in a variety of contexts and applications such as in mobile terminals (mobile network devices ) in order to facilitate establishing a connection with the Global System for Mobile Communications , GSM or the Universal Mobile Telecommunications System, UMTS networks , maintaining the integrity and security of personal data .
  • GSM Global System for Mobile Communications
  • UMTS Universal Mobile Telecommunications System
  • Embedded UICCs are a type of integrated circuit card based on architectural standards published by the GSM Association, GSMA and configured to facilitate a secure storage of one or more S IM (“Subscriber Identity Module” ) card profiles , each of such one or more S IM card profiles comprising unique identi bombs and cryptographic keys used by a cellular network service providers in order to uniquely identi fy each of the profiles .
  • S IM Subscriber Identity Module
  • such profiles may be used in a mobile network device comprising a corresponding eUICC, thus , enabling such mobile network device to register and securely communicate via the cellular network .
  • loT Internet of Things
  • loT devices may be devices comprising sensors, processing ability, software and/or other technologies that can be configured to connect and exchange data with other devices and/or systems over the Internet or other communications networks, for instance, the cellular network .
  • FIG. 1 illustrates an loT device 100 comprising: an eUICC for loT devices 102, such eUICC for loT devices 102 comprising an ISD-R ("Issuer Security Domain - Root") block 104 and an ISD-P ("Issuer Security Domain - Profile") block 106 that comprises an MNO-SD ("Mobile Network Operator Security Domain”) block 108; and an IPAd ("loT Profile Assistant in the loT Device") block 110 configured to serve as a proxy between the eUICC for loT devices 102 and an eSIM loT remote Manager, elM 112.
  • an eUICC for loT devices 102 comprising an ISD-R ("Issuer Security Domain - Root") block 104 and an ISD-P (“Issuer Security Domain - Profile") block 106 that comprises an MNO-SD ("Mobile Network Operator Security Domain”) block 108; and an IPAd (“loT Profile Assistant in the loT Device") block 110 configured to serve as a proxy between the eUICC
  • the eUICC for loT devices 102 may be configured to be interfaced with the IPAd block 110 through: a first IPA--eUICC interface ESlOa, for performing profile download and installation operations and handling profile discovery, and a second IPA--eUICC interface ESlOb, for performing generic eUICC package download and execution.
  • a first IPA--eUICC interface ESlOa for performing profile download and installation operations and handling profile discovery
  • a second IPA--eUICC interface ESlOb for performing generic eUICC package download and execution.
  • the IPAd block 110 may be configured to be interfaced with the elM 112 through an eIM--IPA interface ESipa, for performing profile download and installation operations.
  • eIM--IPA interface ESipa may be used for triggering profile download at the IPAd block 110 and for providing a secure transport of the downloaded profiles to the eUICC for loT devices 102 .
  • the elM 112 is a module , usually a software implemented module , for instance , a server, configured to be external to the loT device 100 and configured to perform profile state management operations .
  • the profile state management operations may comprise for instance , sending profile state management packages to the eUICC for ToT devices 102 , enable , disable , and delete profiles or to trigger profile downloads at eUICC of the loT devices .
  • the elM 112 can either be a stand-alone component or a component of a higher-level functional system ( e . g . , device management platform) .
  • Such elM 112 may be configured to manage a single device , for instance , the loT device 100 , or a plurality of loT devices , facilitating the management of such devices and their profiles .
  • such elM 112 may be configured to be interfaced with the eUICC for loT devices 102 of such given device through an eIM--eUICC interface ESep, such eIM--eUICC interface ESep being a logical end-to-end interface between elM 112 and such eUICC for loT devices 102 used to trans fer eUICC packages for profile state management and elM configuration data by the elM 112 .
  • ESep eIM--eUICC interface
  • the eUICC packages for profile state management may comprise a REMOTE administration command or a plurality of REMOTE administration commands , that is , a session .
  • a session could comprise even a single command .
  • Such REMOTE administration commands may comprise , for instance , the following types of commands : an enable command, used to enable an installed profile in the eUICC 102 ; a disable command, used to disable an enabled profile in the eUICC 102 ; a delete command, used to delete an installed profile in the eUICC 102 ; a list of profile information command, used by the elM 112 to retrieve a list of profile information for installed profiles , including their current state , that is , enabled or disabled, and their associated profile metadata ; a get RAT ( "Rules Authorisation Table" ) command, used by the elM 112 to retrieve the Rules Authorisation Table , RAT from the eUICC 102 ; a configure auto-enable command, used to configure an automatic enabling of a profile in the eUICC 102 ; an ADD elM command, used to add an associated elM 112 to the eUICC 102 by providing elM configuration data ; an update el
  • Such elM 112 is further configured to communicate with : a SM-DP+ ("Subscription Manager Data Preparation +" ) block 114 , which is a server configured to prepare , store , and deliver digital eS IM profiles based on information obtained from an operator 116 through an operator--SM-DP+ interface ES2+ , such operator--SM-DP+ interface ES2+ being used by the operator to request the preparation of a profile for one or more eUICCs for loT devices 102 and for other administrative functions , and a SM-DS ("Subscription Manager Discovery Server" ) block 118 , which is a server configured to hold a list of the pro files that are available to each of the considered devices .
  • SM-DP+ Subscribescription Manager Data Preparation +
  • the communication between the elM 112 and the SM- DP+ block 114 may be implemented through an eIM--SM-DP+ interface ES 9+ ' , such eIM--SM-DP+ interface ES 9+ ' being used for profile download and installation and being secured with an HTTPS ("HyperText Trans fer Protocol Secure" ) protocol in server authentication mode .
  • HTTPS HyperText Trans fer Protocol Secure
  • the communication between the elM 112 and the SM- DS block 118 may be implemented through an eIM--SM-DS interface ES 11 ' , such eIM--SM-DS interface ES 11 ' being used to retrieve records of the events between such elM 112 and such SM-DS block 118 and being secured by TLS ("Transport Layer Security" ) in server authentication mode .
  • TLS Transport Layer Security
  • such SM-DP+ block 114 may be configured to be interfaced with the SM-DS block 118 through an SM- DS — SM-SP+ interface ES 12 , such SM-DS — SM-SP+ interface ES 12 being used by the SM-DP+ block 114 to manage event registrations and event deletions on the SM-DS block 118 .
  • the MNO-SD block 108 may be configured to be interfaced with the operator 116 through an operator-- eUICC interface ES 6 , such operator--eUICC interface ES 6 being used by the operator in order to manage their profiles stored within the eUICC for loT devices 102 via OTA ( "Over-The-Air” ) services .
  • OTA "Over-The-Air”
  • the IPAd block 110 may be further configured to be interfaced with the SM-DP+ block 114 through an IPA--SM- DP+ interface ES 9+ , such IPA--SM-DP+ interface ES 9+ being used for providing a secure transport of profile packages between the SM-DP+ block 114 and the IPAd block 110 , for instance , using an HTTPS ("HyperText Trans fer Protocol Secure" ) protocol in server authentication mode to communicate .
  • HTTPS HyperText Trans fer Protocol Secure
  • such IPAd block 110 may be further configured to be interfaced with the SM-DS block 118 through an IPA--SM-DS interface ES 11 , such IPA--SM-DS interface ES 11 being used to retrieve records of events between such IPAd block 110 and such SM-DS block 118 and being secured by TLS ("Transport Layer Security" ) in server authentication mode .
  • TLS Transport Layer Security
  • the eUICC for loT devices 102 may be further configured to be interfaced with the SM-DP+ block 114 through an SM-DP+--eUICC interface ES 8+ , such SM-DP+-- eUICC interface ES 8+ being configured to couple the ISD- P block 106 of the eUICC for loT devices 102 with the SM-DP+ block 114 in order to provide a secure end-to-end channel between them for the administration of such ISD- P block 106 and the associated profiles during download and installation operations .
  • Such coupling provided by such SM-DP+--eUICC interface ES 8+ may be intended to be tunnelled either over : the IPA--SM-DP+ interface ES 9+ and the second IPA--eUICC interface ES l Ob for a direct profile download, that is , wherein the IPAd block 110 can directly communicate with the SM-DP+ block 114 , or the elM — SM-DP+ interface ES 9+ ' , the elM — IPA interface ESipa, and the second IPA--eUICC interface ES l Ob for an indirect profile download, that is , wherein the IPAd block 110 communicates with the SM-DP+ block 114 via the elM 112 .
  • such eUICC for loT devices 102 is to be associated with at least one elM 112 before being able to do any profile state management operations .
  • Such association between the eUICC for loT devices 102 and the at least one elM 112 may be done by exchanging data .
  • the elM may send to the eUICC for loT devices 102 , through the eIM--eUICC interface ESep implemented on a communication network N, at least one set of data comprising configuration data of the at least one elM 112 .
  • association may be performed through a command ADD elM compri sing such at least one set of data and sent by the at least one elM 112 to the eUICC for loT devices 102 , for instance , using the elM- -eUICC interface ESep implemented over the communication network N .
  • Such set of data may be sent either by the elM 112 itsel f ( as previously described) already associated with the eUICC or by the IDA in case of the first elM adding .
  • the eUICC for loT devices 102 is configured to store such set of data, for instance , in the OS ("Operating System" ) of such eUICC 102 .
  • the eUICC for loT devices 102 and the elM 112 may be considered associated .
  • a set of data comprising configuration data of a corresponding elM 112 may comprise : an elM ID, that is , an elM identi bomb, unique for each of the elMs associated with a corresponding eUICC for loT devices , for instance , a text string, one or more elM keys , for instance , a public key of an asymmetric key pair, a private key of an asymmetric key pair, or the like , and one or more elM certi ficates , that is , one or more electronic documents attesting a unique association between a public key and the identity of a subj ect , for instance , attesting a unique association between a public key and a corresponding elM .
  • a di f ferent set of data comprising configuration data of a corresponding elM 112 is to be sent to the eUICC for loT devices 102 for each of the elMs 112 that is to be associated with such eUICC 102 , therefore , a command ADD elM may be sent by each of the elMs 112 that is to be associated with the eUICC 102 .
  • an elM 112 may be associated with an eUICC for loT devices 102 at any time in the li fecycle of such eUICC for loT devices 102 , and a single eUICC for loT devices 102 may be associated with more than one elM 112 .
  • the set of data comprising configuration data of such additional elM 112 is to be sent , for instance , by an elM that is already associated with such eUICC for loT devices 102 , to such eUICC for loT devices 102 .
  • the sending of such set of data may be done , for instance , using a command ADD elM comprising such set of data of the additional elM 112 and sending such ADD elM command from such already associated elM to the eUICC for loT devices 102 , for instance , through the network N .
  • an elM 112 (for instance , a first elM to be associated with an eUICC ) may be associated by IDA with an eUICC for loT devices 102 by sending a set of data comprising configuration data of such elM 112 to the eUICC 102 .
  • These configuration data may be used for instance for veri fication of profile state manage operation .
  • the sending of such set of data may be done , for instance , using a command ADD elM, that is , an ADD Ini tial EIM command in case of a first elM association, comprising such set of data and sending such ADD Ini tial elM command from the IDA directly to the eUICC for loT devices 102 , for instance , without using the network N .
  • a command ADD elM that is , an ADD Ini tial EIM command in case of a first elM association, comprising such set of data and sending such ADD Ini tial elM command from the IDA directly to the eUICC for loT devices 102 , for instance , without using the network N .
  • such ADD Ini tial elM command send by the IDA to the eUICC for loT devices 102 shall not comprise a signature in the set of data of the first elM, while further ADD elM commands that associate additional elMs to the eUICC for loT devices 102 shall comprise a digital cryptographic s ignature in the set of data of such additional elMs 112 to allow the eUICC 102 to authenticate the set of data .
  • such eUICC 102 may be configured to process commands coming from such elM 112 , such commands being signed with an elM private key of an asymmetric key pair, such asymmetric key pair comprising the elM private key and an elM public key, and veri fied on the eUICC side with the elM public key of the asymmetric key pair, for instance , stored by the eUICC 102 .
  • the association of the elM 112 and the eUICC 102 may be ended by deleting the set of data comprising the configuration data of the elM 112 from the OS of such eUICC for loT devices 102 .
  • the deletion may be performed using a command DELETE elM indicating which elM is to be deleted .
  • Such command DELETE elM is sent from an associated elM or from a backend system to the eUICC for loT devices 102 through the network N, for instance .
  • a sequences of commands for instance the whole sequence of commands starting from an ADD elM command used to associate an elM with an eUICC 102 to REMOTE administration commands performed by such associated elM constituting a session, may be subj ect to replay attacks .
  • Replay attacks consist in sni f fing and resending previously sent command or a session to the eUICC for loT devices 102 .
  • each associated elM may be given an association token AT .
  • the GSMA SGP . 32 standard defines that an association token AT may be used for replay protection .
  • the value of such association token AT may correspond to the value of a global counter provided on the eUICC 102 , such global counter being configured to start at zero and to be incremented in order to generate the next association token each time an association token is requested, that is , the first value of the association token will be 1 .
  • Such global counter is not resettable by any mechanism, for instance , by an eUICC Memory Reset .
  • an association token AT may either : be chosen by an elM 112 associated with an eUICC for loT devices 102 and included in the ADD elM command, or the associated elM 112 may ask the eUICC for loT devices 102 , using a dedicated request command or by including the request in the ADD elM command, to generate it starting from an internally managed global sequence counter 120 .
  • Such global counter 120 may be implemented with a monotonic counter, that can be only increased by one .
  • association token AT is chosen by the elM 112 and included in the ADD elM command
  • the eUICC for loT devices 102 may be configured to store such association token AT , for instance , in the OS ("Operating System" ) of such eUICC 102 , in order to use it for further REMOTE administration commands .
  • association token AT is generated by the global sequence counter 120 of the eUICC for loT devices 102
  • the eUICC for loT devices 102 may be configured to store such association token AT in order to use it for further REMOTE administration commands , for instance , to check an elM signature that is based on such association token AT , and to send, for instance , in a first administration command, to the elM 112 the association token AT selected, for instance , so that such elM 112 can use the association token AT to sign further REMOTE administration commands .
  • all the subsequent REMOTE administration commands exchanged between eUICC for loT device 102 and associated elM 112 may be signed on the basis of such associated token AT , such association token AT being an expected association token AT .
  • Figure 2 illustrates a signal diagram 20 comprising example signals forwarded by the network N used by the architecture 10 , in particular by the wireless interfaces of the interfaces described in Figure 1, to an eUICC for loT devices 102.
  • the example scenario of Figure 2 comprises: a first operation T1 comprising associating a first elM 112i with an eUICC for loT devices 102 through a first ADD Initial elM command 200 (comprising a first set of configuration data Di of the first elM 112i) with an association token ATi equal to, for instance, 4, such association token ATi being chosen by the first elM 112i and included in the first ADD Initial elM command 200, therefore, the configuration data Di of the first elM 112i are stored on the eUICC for loT devices 102 with an association token ATi of value equal to 4; a second operation T2 comprising associating additional elMs, that is, a second, a third, and a fourth, elMs 1122, 112s, and 1124, with the eUICC for loT devices 102 through respective ADD elM commands 202, for instance, 2022, 202s, and 202 respectively (
  • the first elM 112i is associated again to such eUICC for loT devices 102 with a corresponding new association token ATN equal to the previous one ATi (that is , equal to 4 ) .
  • the configuration data Di of the first elM 112i are stored again on the eUICC for loT devices 102 with the new association token ATN of value equal to 4 .
  • the first elM 112i is associated again with the eUICC for loT devices 102 using a same association token, that is , the new association token ATN , as the one used for the previous association, that is , the association token ATi (that is , 4 in the reported example ) .
  • the eUICC 102 deletes , in the fourth operation T4 , the configuration data of the elMs and the corresponding association tokens .
  • the global sequence counter 120 managed by the eUICC 102 is not af fected by such DELETE command and so its value can be used to discard ADD elM commands that comprise association tokens with values lower than the actual value to be selected by the global sequence counter .
  • such ADD Initial elM command can be sni f fed and modi fied by a mal icious entity, requesting a generation of the association token AT at the eUICC 102 , that is , on card token generation .
  • a malicious entity may send the ADD Initial elM command 200 , requesting on card token generation . Since the generated association token has a value that is higher than the last value selected by the global sequence counter 120 , such the ADD Initial elM command 200 is accepted by the eUICC for loT devices 102 . Thus , the eUICC 102 is deceived to believe that it is associated with the first elM 112i .
  • the ADD Initial elM command can be accepted by the eUICC for loT devices 102 , and the sequence of remote administration commands 204 sent during the third operation T3 may be sent again by the malicious entity . Since such remote administration commands 204 are signed based on the correct association token value (that is , 4 in the example ) they may be accepted and executed by such eUICC 102 .
  • the malicious entity can send the whole sequence ( Tl ; T3 ) as is , with no modifications , and i f the association token AT associated with such sequence is greater than or equal to the actual value that is to be selected by the global sequence counter 120 managed by eUICC 102 , the commands comprised in such sequence , that is , in the session of the first elM 112i, can still be accepted .
  • the ADD Initial elM command 200 may be sent again, requesting on card token generation . It is noted that this sending operation, requesting the on-card token generation, do not af fect the command acceptance by the eUICC 102 since such command do not comprise a signature as it is sent by the IDA.
  • the global sequence counter 120 holds , in the described scenario , the same value as the association token ATi associated to the first elM 112i, that is , 4 , thus , the whole sequence of remote administration commands 204 sent during the third operation T3 can be sent again .
  • the ADD Initial elM command for instance , the ADD Initial elM command 200
  • the ADD Initial elM command 200 may be sent again with no modi fications , thus , carrying the association token ATi ( i f the ADD Initial elM command 200 is considered) or any other association token AT of value higher than or equal to the actual value that is to be selected by the global sequence counter 120 .
  • a malicious entity may sni f f the ADD Initial elM command 200 sent during the first operation T1 and the remote administration commands 204 sent during the administrative session T3 in order to try to use them for a replay attack .
  • the previously sent session of the first elM 112i starting from the first ADD Initial elM command 200 to the remote administration commands 204 , possibly sni f fed, may be sent again to the eUICC for loT devices 102 in order to start again the administrative session T3 that already occurred previously .
  • such first ADD Initial elM command 200 and such remote administration commands may be used in a replay attack since the eUICC for loT devices 102 is deceived to execute the operations indicated by such first ADD Initial elM command 200 and such remote administration commands 204 in response to their reception .
  • the eUICC 102 may be deceived by the reception, after such fourth operation T4 , of the first ADD Initial elM command 200 and the remote administration commands , possibly sni f fed, sent during such first and third operations T1 and T3 as the information related to the association token stored therein, that is , the association token ATi or a sign based thereon, has a value that is equal to ( or possibly higher than) the expected association token, that is , actual value to be selected by the global sequence counter 120 .
  • association token AT may not ensure that each session is unique .
  • An obj ect of one or more embodiments is to contribute in providing solutions facilitating preventing replay attacks in order to increase the security of the eUICCs for loT devices .
  • One or more embodiments concern a corresponding device .
  • One or more embodiments concern a corresponding system architecture .
  • Solutions as described herein include a method suitable for associating in a communication network an embedded Universal Integrated Circuit Card, eUICC for Internet of Things , loT devices with at least one remote manager module using a respective association token said eUICC for loT devices comprising an association token counter with a counter value , said method comprising at the eUICC for loT devices : receiving an association request from a first remote manager module the association request indicating to associate said eUICC for loT devices with said first remote manager module using a first association token comprised in said association request ; and updating, in response to the reception of the association request by the eUICC for loT devices and to said first association token being higher than the counter value , said counter value with the value of the first association token comprised in the received association request .
  • said method further comprises : receiving an additional association request from a second remote manager module the additional association request indicating to associate said eUICC for loT devices with said second remote manager module and to provide by the eUICC for loT devices a second association token; incrementing, in response to the reception of the additional association request by the eUICC for loT devices said counter value , obtaining an incremented counter value ; and providing the incremented counter value to the second remote manager module as the second association token .
  • said incrementing performed by said eUICC for loT devices comprises : generating, through said association token counter a sequence of values comprising an actual value to be selected at said eUICC for loT devices said actual value to be selected being the incremented counter value , in response to the reception of the additional association request sent by said second remote manager module to the eUICC for loT devices selecting, in particular through said association token counter the actual value to be selected as the second association token said actual value to be selected becoming a last selected value , and selecting, in particular through said association token counter the value in said sequence of values following said last selected value as next actual value to be selected .
  • said updating performed by said eUICC for loT devices comprises : generating, in particular through said association token counter a sequence of values comprising an actual value to be selected at said eUICC for loT devices in response to the reception of the association request by the eUICC for loT devices and to said first association token being higher than or equal to the actual value to be selected, selecting, in particular through said sequence counter the value in said sequence of values equal to the first association token as a last selected value , and selecting, in particular through said sequence counter the value in said sequence of values following said last selected value as next actual value to be selected .
  • said remote manager module is configured to perform profile state management operations in said eUICC for loT devices through profile state management commands signed by the remote manager module on the basis of the respective association token .
  • said remote manager module is an eS IM loT remote Manager, elM .
  • said association token counter cannot be resetted .
  • said method comprising at the eUICC for loT devices : receiving a dissociation request from the first remote manager module the dissociation request indicating to dissociate said eUICC for loT devices from said first remote manager module ; receiving a second association request from the first remote manager module the second association request indicating to associate again said eUICC for loT devices with said first remote manager module using a new association token comprised in the second association request , and updating, in response to the reception of the second association request by the eUICC for loT devices and to said new association token being higher than the counter value , said counter value with the value of the new association token comprised in the received second association request .
  • said method comprising at the eUICC for loT devices : receiving a dissociation request from the first remote manager module the dissociation request indicating to dissociate said eUICC for loT devices from said first remote manager module ; receiving a second association request from the first remote manager module the second association request indicating to associate again said eUICC for loT devices with said first remote manager module and to provide by the eUICC for loT devices a new association token and incrementing, in response to the reception of the second association request by the eUICC for loT devices said counter value , obtaining an incremented counter value ; and providing the incremented counter value to the first remote manager module as the new association token .
  • the method comprising at the eUICC for loT devices : receiving a further association request from a further remote manager module , the further association request indicating to associate said eUICC for loT devices with said further remote manager module using a further association token comprised in said further association request ; and discarding, in response to the reception of the further association request by the eUICC for loT devices and to said further association token being smaller than or equal to the counter value , said further association request .
  • the embedded Universal Integrated Circuit Cards , eUICC for Internet of Things , loT devices is operated according to the GSMA SGP . 32 standard .
  • said association request is comprised in an ADD elM command, said ADD elM command being sent by the first remote manager module to the eUICC for loT devices and indicating to associate said first remote manager module with said eUICC for loT devices using configuration data of said first remote manager module and said first association token .
  • Figure 1 illustrates a general architecture of a system for remotely provisioning and managing an eUICC for loT devices ;
  • Figure 2 illustrates a signal diagram comprising example signals forwarded by a network used by an architecture according to Figure 1 to an eUICC for loT devices in an example scenario that is vulnerable to replay attacks when using the GSMA SGP . 32 standard;
  • Figure 3 illustrates a general architecture of an eUICC for loT devices according to embodiment of the present description.
  • Figure 4 illustrates a signal diagram comprising example signals forwarded by a communication network used by an architecture according to Figure 1 to an eUICC for loT devices in a same example scenario as that of Figure 2 but using a method for token generation according to embodiments of the present description .
  • speci fic details are illustrated, aimed at providing an in-depth understanding of examples of embodiments of this description .
  • the embodiments may be obtained without one or more of the speci fic details , or with other methods , components , materials , etc .
  • known structures , materials , or operations are not illustrated or described in detail so that certain aspects of embodiments will not be obscured .
  • references to "an embodiment” or “one embodiment” in the framework of the present description is intended to indicate that a particular configuration, structure , or characteristic described in relation to the embodiment is comprised in at least one embodiment .
  • phrases such as “ in an embodiment” or “ in one embodiment” that may be present in one or more points of the present description do not necessarily refer to one and the same embodiment .
  • solutions disclosed herein aim at preventing replay attacks as that described above in order to increase the security of the eUICCs for loT devices .
  • the vulnerability to replay attacks of the previously described scenario may arise from the management of the association tokens AT and, in particular, of the global sequence counter 120 of the eUICC for loT devices 102 .
  • such global sequence counter 120 is never erased (that is , resetted) in response to an elM 112 choosing an association token AT that is to be associated with the eUICC for loT devices 102 or to such elM 112 asking the eUICC for loT devices 102 to generate the association token AT , that is , is not set to zero in response to any association token AT generation .
  • such global sequence counter 120 is never modi fied (that is , set to a di f ferent value ) in response to an elM 112 choosing an association token AT that is to be associated with the eUICC for loT devices 102 , that is , is not set to any di f ferent value in response to such elM 112 choosing an association token AT value .
  • the value of the global sequence counter 120 is not be af fected .
  • any other value is considered for the first actual value to be selected by the global sequence counter 120 of the eUICC for loT devices 102 , that is , any other value is considered as the first value of the global sequence counter , referred to as a first actual value to be selected, and any other value is considered for the association token AT selected by the first elM 112i, that is , any other association token AT value is chosen by the first elM 112 during the first operation Tl , re ferred to as a second value , provided that such first actual value to be selected is lower than or equal to such second value .
  • Such first actual value to be selected corresponds to the value that is to be selected by such global sequence counter 120 at the beginning of the considered scenario
  • an actual value to be selected by the global sequence counter 120 is a value following a last selected value in a sequence of values generated by the global sequence counter 120 .
  • I f the known token generation and management described in Figure 2 is used, given a first actual value to be selected for the global sequence counter 120 and a second value for the association token AT selected by the first elM 112 i, such second value being higher than or equal to such first actual value to be selected, the number of additional elMs that are to be associated with a corresponding eUICC for loT devices 102 after the first elM 112i ( through respective ADD elM commands 202 ) in order to result in a scenario vulnerable to replay attacks is equal to the di f ference between the second value and the first actual value to be selected .
  • the replay attack may be ef fective i f no additional elMs after the first elM 112i are added, that is , i f no ADD elM commands 202 is sent by the network N to the eUICC for loT devices 102 .
  • an elM 112 is to be associated with an eUICC for loT devices 102 according to embodiments of solutions described herein, for instance , using an ADD elM command comprising configuration data D of such elM 112 , such eUICC for loT devices 102 may generate the association token AT using a di f ferent method, such method comprising : in response to a request sent , for instance , by using the ADD elM command, by the elM 112 to such eUICC for loT devices 102 indicating to generate the corresponding as sociation token AT , selecting, through the global sequence counter 120 of the eUICC for loT devices 102 , the actual value to be selected in the sequence of values generated by the global sequence counter 120 as association token AT , such actual value to be selected becoming a last selected value ; in response to such association token AT being selected by the elM 112 ( and therefore sent to the eUICC 102 using the ADD
  • Figure 3 illustrates a general architecture 40 o f an eUICC for loT devices 102 according to embodiment of the present description .
  • the general architecture 40 of Figure 3 comprises a control unit 122 , for instance , a processor of the eUICC 102 , a logic control unit , a microcontroller, a microprocessor, or the like , configured to provide control signals to the global sequence counter 120 .
  • a control unit 122 for instance , a processor of the eUICC 102 , a logic control unit , a microcontroller, a microprocessor, or the like , configured to provide control signals to the global sequence counter 120 .
  • control signals may be sent by the OS of such eUICC for loT devices 102 , for instance , running on the processor 122 of the eUICC 102 , when an elM 112 is added, for instance , through an ADD elM command, with a corresponding association token AT .
  • control signals may indicate to select , i f the eUICC 102 is requested to generate an association token AT , the actual value to be selected in the sequence of values generated by the global sequence counter 120 as association token AT .
  • control signals may indicate to select , i f an as sociation token AT selected by the elM 112 is higher than or equal to the actual value to be selected by the global sequence counter 120 , the value in the sequence of values generated by the global sequence counter 120 equal to the association token AT selected by the elM 112 as the last selected value .
  • control unit 122 may be comprised in the eUICC for loT devices 102 , in particular it may be comprised in the global sequence counter 120 , in a global sequence counter management unit .
  • Figure 4 illustrates a signal diagram 30 comprising example signals forwarded by the network N used by the architecture 40 of Figure 3 , in particular by the wireless interfaces of the interfaces described therein, to an eUICC for loT devices 102 in a same example scenario as that of Figure 2 but using a method for the generation of an association token AT according to embodiments of the present description .
  • association tokens AT reported in the following description are disclosed herein by way of example only, and, there fore , are not intended to limit the scope of protection of the present document .
  • any other value is considered for the first actual value to be selected by the global sequence counter 120 of the eUICC for loT devices 102 , and any other value is considered for the association token AT selected by the first elM 112 i, provided that such first actual value to be selected by the global sequence counter 120 is lower than or equal to the value selected for the association token AT by the first elM 112i .
  • the example scenario of Figure 4 comprises : a first operation Ti l comprising associating a first elM 112i with an eUICC for loT devices 102 through a first ADD Initial elM command 300 ( comprising a first set of configuration data Di of the first elM 112i ) with an association token ATi equal to , for instance , 4 , such association token ATi being chosen by the first elM 112i and included in the first ADD Initial elM command 300 . Therefore , the configuration data Di of the first elM 112i are stored on the eUICC for loT devices 102 with an association token ATi of value equal to 4 .
  • association token ATi is chosen by the first elM 112i and the value chosen for such association token ATi is higher than ( or equal to ) the first actual value to be selected by the global sequence counter 120 ( supposing that the first actual value to be selected by the global sequence counter 120 is the first value one )
  • the last selected value in the sequence of values generated by the global sequence counter 120 is updated to the value of the chosen association token ATi, that is , to 4 , so that the next actual value to be selected by the global sequence counter 120 as next association token AT is 5 ;
  • a second operation T12 comprising associating additional elMs , that is , a second, a third, and a fourth elMs 1122 , 112s, and 1124 with the eUICC for loT devices 102 through respective ADD elM commands 302 , for instance , 3022 , 302s, and 302 respectively ( comprising respective set of configuration data D2 , D3, and D4 of the additional
  • the configuration data D2 , D3, and D4 of the second, the third, and the fourth elMs 1122 , 1123, and 1124 are stored on the eUICC for loT devices 102 with respective association tokens of values equal to 5 , 6 , and 7 ; a third operation T13 comprising having an administrative session comprising remote administration commands 304 (signed on the basis of the association token ATi equal to 4) among the first elM 112i (which is configured to send such remote administration commands) and the eUICC for loT devices 102 (which is configured to execute the operations indicated by such remote administration commands) ; a fourth operation T14 comprising deleting the configuration data Di, D2, D3, and D4 of the elMs 112i, 1122, 1123, and 1124 through deletion commands, specifically DELETE elM commands, 306 (it is noted that the global sequence counter 120 is not affected by such delete operation) , therefore, the configuration data Di, D2, D3, and D4 of the e
  • the first elM 112i is associated with the eUICC for loT devices 102 using a different association token, that is, the new association token ATN with value, for instance, equal to 8 instead of 4, that is, the example value of the value of the association token ATi.
  • a malicious entity may sniff the remote administration commands 304 sent during the administrative session T13 in order to try to use them for a replay attack but, differently from the case of Figure 2, the previously sent remote administration commands, possibly sniffed, may be discarded by the eUICC for loT devices 102 since the expected association token used to sign the remote administration commands, that is, the new association token ATN, (8 in the example of Figure 4) is different from the one sniffed and forwarded by the malicious entity through the signature of the remote administration commands 304 sent during the administrative session T13, that is, the association token ATi (4 in the example of Figure 4) .
  • the previously sent remote administration commands, possibly sniffed may be sent again to the eUICC for loT devices 102, but such remote administration commands, possibly sniffed, may be discarded since the signature comprised therein is based on the association token, that is, the association token ATi, for instance, of value equal to 4, that is different from the expected one, that is, the new association token ATN, for instance, of value equal to 8.
  • the previously sent remote administration commands possibly sniffed, may not be used in a replay attack if the method for the generation of the association token AT described herein is used.
  • a solution using the method for the generation of association tokens AT as described herein comprises an eUICC for loT devices 102 that may not be deceived by the reception of previously sent remote administration commands, possibly sniffed, thus, preventing replay attacks in scenarios as described above.
  • solutions as described herein comprise a method suitable for associating in a communication network, for instance , the network N, an embedded Universal Integrated Circuit Card, eUICC for Internet of Things , loT devices 102 with at least one remote manager module , for instance , one or more elMs 112 , using a respective association token AT , such eUICC for loT devices 102 comprising an association token counter, for instance , the global sequence counter 120 , with a counter value , that is , a value preceding the actual value to be selected by the global sequence counter 120 , such method comprising at the eUICC for loT devices 102 : receiving an as sociation request , for instance , comprised in or corresponding to an ADD elM command, from a first remote manager module 112 , for instance , the first elM 112 i, the association request indicating to associate such eUICC for loT devices 102 with such first remote manager module 112 using a first association token AT
  • such method may further comprise : receiving an additional association request , for instance , comprised in or corresponding to an additional ADD elM command, from a second remote manager module , for instance , the second elM 1122 , the additional association request indicating to associate such eUICC for loT devices 102 with such second remote manager module 1122 , for instance , by storing configuration data of the second remote manager module , for instance , the configuration data D2 of the second elM 1122 , in the eUICC for loT devices 102 , and to provide by the eUICC for loT devices 102 a second association token, for instance , the association token AT2 ; incrementing, in response to the reception of the additional association request by the eUICC for loT devices 102 , such counter value , obtaining an incremented counter value , that is , the actual value to be selected by the global sequence counter 120 ; and providing the incremented counter value to the second remote manager module 1122 as the second association token AT
  • such method may comprise at the eUICC for loT devices 102 : receiving a further association request from a further remote manager module , for instance , an elM 112 , the further association request indicating to associate such eUICC for loT devices 102 with such further remote manager module 112 using a further association token AT comprised in such further association request ; and discarding, in response to the reception of the further association request by the eUICC for loT devices 102 and to such further association token AT being smaller than or equal to the counter value , such further association request .
  • the incrementing performed by such eUICC for loT devices 102 may comprise : generating, through such association token counter 120 , a sequence of values comprising an actual value to be selected at such eUICC for loT devices 102 , such actual value to be selected being the incremented counter value , in response to the reception of the additional association request sent by such second remote manager module 1122 to the eUICC for loT devices 102 , selecting, in particular through such association token counter 120 , the actual value to be selected as the second association token AT2 , such actual value to be selected becoming a last selected value , and selecting, in particular through such association token counter 120 , the value in such sequence of values following such last selected value as next actual value to be selected .
  • the updating performed by such eUICC for loT devices 102 may comprise : generating, in particular through such association token counter 120 , a sequence of values comprising an actual value to be selected at such eUICC for loT devices 102 , in response to the reception of the association request by the eUICC for loT devices 102 and to such first association token AT , for instance , the association token ATi, being higher than or equal to the actual value to be selected, selecting, in particular through such sequence counter 120 , the value in such sequence of values equal to the first association token AT as a last selected value , and selecting, in particular through such sequence counter 120 , the value in such sequence of values following such last selected value as next actual value to be selected .
  • solutions as described herein comprise a method for managing profiles in an embedded Universal Integrated Circuit Card, eUICC for Internet of Things , loT devices , for instance , the eUICC for loT devices 102 , such eUICC for loT devices 102 being configured to be associated with a remote manager module configured to perform profile state management operations in such eUICC, for instance , an elM 112 , using an association token AT , such method comprising performing a token generation operation at such embedded Universal Integrated Circuit Card 102 , such token generation operation comprising generating a sequence of values comprising an actual value to be selected at such eUICC for loT devices 102 , in particular by a global sequence counter, for instance , the global sequence counter 120 comprised in the eUICC for loT devices 102 , wherein such token generation operation comprises : in response to a request , for instance , an ADD elM command, sent by such remote manager module 112 to the eUICC for loT devices 102 indicating
  • the method may comprise at the eUICC for loT devices 102 : receiving a dis sociation request , for instance , comprised in or corresponding to a DELELTE elM command, from the first remote manager module , for instance , an elM 112 , for instance , the first elM 112i, the dissociation request indicating to dissociate such eUICC for loT devices 102 from such first remote manager module 112 , that is , indicating to delete the configuration data of the first remote manager module , for instance , the configuration data Di of the first elM 112i, from the eUICC for loT devices 102 ; receiving a second association request , for instance , comprised in or corresponding to a second ADD elM command, from the first remote manager module 112 , the second association request indicating to associate again such eUICC for loT devices 102 with such first remote manager module 112 using a new association token, for instance ,
  • such method may comprise at the eUICC for loT devices 102 : receiving a dis sociation request , for instance , comprised in or corresponding to a DELELTE elM command, from the first remote manager module , for instance , an elM 112 , for instance , the first elM 112i, the dissociation request indicating to dissociate such eUICC for loT devices 102 from such first remote manager module 112 , that is , indicating to delete the configuration data of the first remote manager module , for instance , the configuration data Di of the first elM 112i, from the eUICC for loT devices 102 ; receiving a second association request , for instance , comprised in or corresponding to a second ADD elM command, from the first remote manager module 112 , the second association request indicating to associate again such eUICC for loT devices 102 with such first remote manager module 112 , for instance , by storing configuration data of the first
  • the remote manager module may be configured to perform profile state management operations in the eUICC for loT devices 112 through profile state management commands , for instance , one or more remote administration commands , signed by the remote manager module 112 on the basis of the respective association token AT .
  • association token counter 120 cannot be resetted .
  • the remote manager module configured to perform profile state management operations in the eUICC 102 may be an eS IM loT remote Manager, elM 112 .
  • the embedded Universal Integrated Circuit Cards , eUICC for Internet of Things , loT devices 102 may be operated according to the GSMA SGP . 32 standard .
  • association token AT may be comprised in an ADD elM command, for instance , the example ADD Initial elM command 300 or 302 , such ADD elM command being sent by the remote manager module 112 to the eUICC for loT devices 102 and indicating to associate such remote manager module 112 with such eUICC for loT devices 102 using configuration data D o f such remote manager module 112 and such association token AT .
  • an ADD elM command for instance , the example ADD Initial elM command 300 or 302 , such ADD elM command being sent by the remote manager module 112 to the eUICC for loT devices 102 and indicating to associate such remote manager module 112 with such eUICC for loT devices 102 using configuration data D o f such remote manager module 112 and such association token AT .
  • Solutions as described herein facilitate preventing replay attacks using an enhanced method for token generation .
  • solutions as described herein facilitate preventing replay attacks in eUICCs for loT devices in order to increase the security of such eUICCs for loT devices .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Method for associating an embedded Universal Integrated Circuit Card, eUICC for Internet of Things, IoT devices (102) with at least one remote manager module (112) using a respective association token (AT), said eUICC for IoT devices (102) comprising an association token counter (120) with a counter value, said method comprising at the eUICC for IoT devices (102): receiving an association request from a first remote manager module (112), the association request indicating to associate said eUICC for IoT devices (102) with said first remote manager module (112) using a first association token (AT) comprised in said association request; and updating, in response to the reception of the association request by the eUICC for IoT devices (102) and to said first association token (AT) being higher than the counter value, said counter value with the value of the first association token (AT) comprised in the received association request.

Description

"Method for associating an embedded Universal Integrated Circuit Card with a remote manager module , corresponding device and system architecture"
★ ★ ★ ★
Technical field
The description relates to integrated circuit cards .
One or more embodiments can be applied to integrated circuit cards such as , for instance , embedded UICCs , eUICCs .
Background
Integrated circuit cards such as Universal Integrated Circuit Cards , UICCs are widely used in a variety of contexts and applications such as in mobile terminals (mobile network devices ) in order to facilitate establishing a connection with the Global System for Mobile Communications , GSM or the Universal Mobile Telecommunications System, UMTS networks , maintaining the integrity and security of personal data .
Embedded UICCs , eUICCs are a type of integrated circuit card based on architectural standards published by the GSM Association, GSMA and configured to facilitate a secure storage of one or more S IM ("Subscriber Identity Module" ) card profiles , each of such one or more S IM card profiles comprising unique identi fiers and cryptographic keys used by a cellular network service providers in order to uniquely identi fy each of the profiles .
For instance , such profiles may be used in a mobile network device comprising a corresponding eUICC, thus , enabling such mobile network device to register and securely communicate via the cellular network .
The technical speci fication of the GSMA SGP . 32 standard facilitates broadening the use of such eUICCs to loT (" Internet of Things" ) devices by describing the architecture of the eSIM loT system, that is, of an eUICC for loT devices (see, for instance, eSIM loT Technical Specification, Version 1.0.1, 04 July 2023) . loT devices may be devices comprising sensors, processing ability, software and/or other technologies that can be configured to connect and exchange data with other devices and/or systems over the Internet or other communications networks, for instance, the cellular network .
The general architecture of a system for remotely provisioning and managing an eUICC for loT devices is illustrated in Figure 1.
Figure 1 illustrates an loT device 100 comprising: an eUICC for loT devices 102, such eUICC for loT devices 102 comprising an ISD-R ("Issuer Security Domain - Root") block 104 and an ISD-P ("Issuer Security Domain - Profile") block 106 that comprises an MNO-SD ("Mobile Network Operator Security Domain") block 108; and an IPAd ("loT Profile Assistant in the loT Device") block 110 configured to serve as a proxy between the eUICC for loT devices 102 and an eSIM loT remote Manager, elM 112.
The eUICC for loT devices 102, in particular, its ISD-R block 104, may be configured to be interfaced with the IPAd block 110 through: a first IPA--eUICC interface ESlOa, for performing profile download and installation operations and handling profile discovery, and a second IPA--eUICC interface ESlOb, for performing generic eUICC package download and execution.
The IPAd block 110 may be configured to be interfaced with the elM 112 through an eIM--IPA interface ESipa, for performing profile download and installation operations. Such eIM--IPA interface ESipa may be used for triggering profile download at the IPAd block 110 and for providing a secure transport of the downloaded profiles to the eUICC for loT devices 102 .
The elM 112 is a module , usually a software implemented module , for instance , a server, configured to be external to the loT device 100 and configured to perform profile state management operations .
The profile state management operations may comprise for instance , sending profile state management packages to the eUICC for ToT devices 102 , enable , disable , and delete profiles or to trigger profile downloads at eUICC of the loT devices . The elM 112 can either be a stand-alone component or a component of a higher-level functional system ( e . g . , device management platform) .
Such elM 112 may be configured to manage a single device , for instance , the loT device 100 , or a plurality of loT devices , facilitating the management of such devices and their profiles .
To manage a given device , such elM 112 may be configured to be interfaced with the eUICC for loT devices 102 of such given device through an eIM--eUICC interface ESep, such eIM--eUICC interface ESep being a logical end-to-end interface between elM 112 and such eUICC for loT devices 102 used to trans fer eUICC packages for profile state management and elM configuration data by the elM 112 .
The eUICC packages for profile state management may comprise a REMOTE administration command or a plurality of REMOTE administration commands , that is , a session . A session could comprise even a single command .
Such REMOTE administration commands may comprise , for instance , the following types of commands : an enable command, used to enable an installed profile in the eUICC 102 ; a disable command, used to disable an enabled profile in the eUICC 102 ; a delete command, used to delete an installed profile in the eUICC 102 ; a list of profile information command, used by the elM 112 to retrieve a list of profile information for installed profiles , including their current state , that is , enabled or disabled, and their associated profile metadata ; a get RAT ( "Rules Authorisation Table" ) command, used by the elM 112 to retrieve the Rules Authorisation Table , RAT from the eUICC 102 ; a configure auto-enable command, used to configure an automatic enabling of a profile in the eUICC 102 ; an ADD elM command, used to add an associated elM 112 to the eUICC 102 by providing elM configuration data ; an update elM command, used to update elM configuration data within the eUICC 102 ; a DELETE elM command, used to delete an associated elM 112 from the eUICC 102 ; and/or a list elM command, used by the elM 112 to request the eUICC 102 to provide a list of currently configured associated elMs .
Such elM 112 is further configured to communicate with : a SM-DP+ ("Subscription Manager Data Preparation +" ) block 114 , which is a server configured to prepare , store , and deliver digital eS IM profiles based on information obtained from an operator 116 through an operator--SM-DP+ interface ES2+ , such operator--SM-DP+ interface ES2+ being used by the operator to request the preparation of a profile for one or more eUICCs for loT devices 102 and for other administrative functions , and a SM-DS ("Subscription Manager Discovery Server" ) block 118 , which is a server configured to hold a list of the pro files that are available to each of the considered devices .
The communication between the elM 112 and the SM- DP+ block 114 may be implemented through an eIM--SM-DP+ interface ES 9+ ' , such eIM--SM-DP+ interface ES 9+ ' being used for profile download and installation and being secured with an HTTPS ("HyperText Trans fer Protocol Secure" ) protocol in server authentication mode .
The communication between the elM 112 and the SM- DS block 118 may be implemented through an eIM--SM-DS interface ES 11 ' , such eIM--SM-DS interface ES 11 ' being used to retrieve records of the events between such elM 112 and such SM-DS block 118 and being secured by TLS ("Transport Layer Security" ) in server authentication mode .
In addition, such SM-DP+ block 114 may be configured to be interfaced with the SM-DS block 118 through an SM- DS — SM-SP+ interface ES 12 , such SM-DS — SM-SP+ interface ES 12 being used by the SM-DP+ block 114 to manage event registrations and event deletions on the SM-DS block 118 .
The MNO-SD block 108 may be configured to be interfaced with the operator 116 through an operator-- eUICC interface ES 6 , such operator--eUICC interface ES 6 being used by the operator in order to manage their profiles stored within the eUICC for loT devices 102 via OTA ( "Over-The-Air" ) services .
The IPAd block 110 may be further configured to be interfaced with the SM-DP+ block 114 through an IPA--SM- DP+ interface ES 9+ , such IPA--SM-DP+ interface ES 9+ being used for providing a secure transport of profile packages between the SM-DP+ block 114 and the IPAd block 110 , for instance , using an HTTPS ("HyperText Trans fer Protocol Secure" ) protocol in server authentication mode to communicate .
In addition, such IPAd block 110 may be further configured to be interfaced with the SM-DS block 118 through an IPA--SM-DS interface ES 11 , such IPA--SM-DS interface ES 11 being used to retrieve records of events between such IPAd block 110 and such SM-DS block 118 and being secured by TLS ("Transport Layer Security" ) in server authentication mode .
The eUICC for loT devices 102 may be further configured to be interfaced with the SM-DP+ block 114 through an SM-DP+--eUICC interface ES 8+ , such SM-DP+-- eUICC interface ES 8+ being configured to couple the ISD- P block 106 of the eUICC for loT devices 102 with the SM-DP+ block 114 in order to provide a secure end-to-end channel between them for the administration of such ISD- P block 106 and the associated profiles during download and installation operations .
Such coupling provided by such SM-DP+--eUICC interface ES 8+ may be intended to be tunnelled either over : the IPA--SM-DP+ interface ES 9+ and the second IPA--eUICC interface ES l Ob for a direct profile download, that is , wherein the IPAd block 110 can directly communicate with the SM-DP+ block 114 , or the elM — SM-DP+ interface ES 9+ ' , the elM — IPA interface ESipa, and the second IPA--eUICC interface ES l Ob for an indirect profile download, that is , wherein the IPAd block 110 communicates with the SM-DP+ block 114 via the elM 112 .
In the general architecture of the system for remotely provisioning and managing eUICCs for loT devices 102 as described in Figure 1 , such eUICC for loT devices 102 is to be associated with at least one elM 112 before being able to do any profile state management operations .
Such association between the eUICC for loT devices 102 and the at least one elM 112 may be done by exchanging data .
For instance , the elM may send to the eUICC for loT devices 102 , through the eIM--eUICC interface ESep implemented on a communication network N, at least one set of data comprising configuration data of the at least one elM 112 .
For instance , such association may be performed through a command ADD elM compri sing such at least one set of data and sent by the at least one elM 112 to the eUICC for loT devices 102 , for instance , using the elM- -eUICC interface ESep implemented over the communication network N .
Such set of data may be sent either by the elM 112 itsel f ( as previously described) already associated with the eUICC or by the IDA in case of the first elM adding .
In response to the reception of the at least one set of data comprising the configuration data of the at least one elM 112 , that is , in response to the reception of a command ADD elM, the eUICC for loT devices 102 is configured to store such set of data, for instance , in the OS ("Operating System" ) of such eUICC 102 .
After such storing operation, the eUICC for loT devices 102 and the elM 112 may be considered associated .
For instance , a set of data comprising configuration data of a corresponding elM 112 may comprise : an elM ID, that is , an elM identi fier, unique for each of the elMs associated with a corresponding eUICC for loT devices , for instance , a text string, one or more elM keys , for instance , a public key of an asymmetric key pair, a private key of an asymmetric key pair, or the like , and one or more elM certi ficates , that is , one or more electronic documents attesting a unique association between a public key and the identity of a subj ect , for instance , attesting a unique association between a public key and a corresponding elM .
It is noted that a di f ferent set of data comprising configuration data of a corresponding elM 112 is to be sent to the eUICC for loT devices 102 for each of the elMs 112 that is to be associated with such eUICC 102 , therefore , a command ADD elM may be sent by each of the elMs 112 that is to be associated with the eUICC 102 .
In addition, an elM 112 may be associated with an eUICC for loT devices 102 at any time in the li fecycle of such eUICC for loT devices 102 , and a single eUICC for loT devices 102 may be associated with more than one elM 112 .
In order to associate an additional elM 112 with an eUICC for loT devices 102 , the set of data comprising configuration data of such additional elM 112 is to be sent , for instance , by an elM that is already associated with such eUICC for loT devices 102 , to such eUICC for loT devices 102 .
The sending of such set of data may be done , for instance , using a command ADD elM comprising such set of data of the additional elM 112 and sending such ADD elM command from such already associated elM to the eUICC for loT devices 102 , for instance , through the network N .
Moreover, an elM 112 ( for instance , a first elM to be associated with an eUICC ) may be associated by IDA with an eUICC for loT devices 102 by sending a set of data comprising configuration data of such elM 112 to the eUICC 102 . These configuration data may be used for instance for veri fication of profile state manage operation .
Even in the case of a first elM association, the sending of such set of data may be done , for instance , using a command ADD elM, that is , an ADD Ini tial EIM command in case of a first elM association, comprising such set of data and sending such ADD Ini tial elM command from the IDA directly to the eUICC for loT devices 102 , for instance , without using the network N .
In addition, it is noted that such ADD Ini tial elM command send by the IDA to the eUICC for loT devices 102 shall not comprise a signature in the set of data of the first elM, while further ADD elM commands that associate additional elMs to the eUICC for loT devices 102 shall comprise a digital cryptographic s ignature in the set of data of such additional elMs 112 to allow the eUICC 102 to authenticate the set of data .
Once an elM 112 has been associated with an eUICC for loT devices 102 , such eUICC 102 may be configured to process commands coming from such elM 112 , such commands being signed with an elM private key of an asymmetric key pair, such asymmetric key pair comprising the elM private key and an elM public key, and veri fied on the eUICC side with the elM public key of the asymmetric key pair, for instance , stored by the eUICC 102 .
It is noted that it is also poss ible to dissociate an elM 112 .
For instance , the association of the elM 112 and the eUICC 102 may be ended by deleting the set of data comprising the configuration data of the elM 112 from the OS of such eUICC for loT devices 102 .
For example , the deletion may be performed using a command DELETE elM indicating which elM is to be deleted .
Such command DELETE elM is sent from an associated elM or from a backend system to the eUICC for loT devices 102 through the network N, for instance . A sequences of commands , for instance the whole sequence of commands starting from an ADD elM command used to associate an elM with an eUICC 102 to REMOTE administration commands performed by such associated elM constituting a session, may be subj ect to replay attacks .
Replay attacks consist in sni f fing and resending previously sent command or a session to the eUICC for loT devices 102 .
To avoid such replay attacks , and to make each session unique, each associated elM may be given an association token AT .
The GSMA SGP . 32 standard defines that an association token AT may be used for replay protection .
The value of such association token AT may correspond to the value of a global counter provided on the eUICC 102 , such global counter being configured to start at zero and to be incremented in order to generate the next association token each time an association token is requested, that is , the first value of the association token will be 1 .
Such global counter is not resettable by any mechanism, for instance , by an eUICC Memory Reset .
In addition, an association token AT may either : be chosen by an elM 112 associated with an eUICC for loT devices 102 and included in the ADD elM command, or the associated elM 112 may ask the eUICC for loT devices 102 , using a dedicated request command or by including the request in the ADD elM command, to generate it starting from an internally managed global sequence counter 120 .
It is noted that such global counter 120 may be implemented with a monotonic counter, that can be only increased by one .
It is noted that i f the association token AT is chosen by the elM 112 and included in the ADD elM command, the eUICC for loT devices 102 may be configured to store such association token AT , for instance , in the OS ("Operating System" ) of such eUICC 102 , in order to use it for further REMOTE administration commands .
It is noted that i f the association token AT is generated by the global sequence counter 120 of the eUICC for loT devices 102 , the eUICC for loT devices 102 may be configured to store such association token AT in order to use it for further REMOTE administration commands , for instance , to check an elM signature that is based on such association token AT , and to send, for instance , in a first administration command, to the elM 112 the association token AT selected, for instance , so that such elM 112 can use the association token AT to sign further REMOTE administration commands .
Then, all the subsequent REMOTE administration commands exchanged between eUICC for loT device 102 and associated elM 112 may be signed on the basis of such associated token AT , such association token AT being an expected association token AT .
Hence , at the eUICC 102 , when receiving an ADD EIM command including an association token with a value that is di f ferent from the expected association token AT and REMOTE administration commands signed on the basis of an association token with a value that is di f ferent from the expected association token AT , then the commands are discarded/ ignore by the eUICC .
Therefore , i f the token generation switches from being chosen by an elM 112 to being generated by the eUICC for loT devices 102 , the example scenario illustrated in Figure 2 may occur .
Figure 2 illustrates a signal diagram 20 comprising example signals forwarded by the network N used by the architecture 10 , in particular by the wireless interfaces of the interfaces described in Figure 1, to an eUICC for loT devices 102.
The example scenario of Figure 2 comprises: a first operation T1 comprising associating a first elM 112i with an eUICC for loT devices 102 through a first ADD Initial elM command 200 (comprising a first set of configuration data Di of the first elM 112i) with an association token ATi equal to, for instance, 4, such association token ATi being chosen by the first elM 112i and included in the first ADD Initial elM command 200, therefore, the configuration data Di of the first elM 112i are stored on the eUICC for loT devices 102 with an association token ATi of value equal to 4; a second operation T2 comprising associating additional elMs, that is, a second, a third, and a fourth, elMs 1122, 112s, and 1124, with the eUICC for loT devices 102 through respective ADD elM commands 202, for instance, 2022, 202s, and 202 respectively (comprising respective set of configuration data D2, D3, and D4 of the additional elMs 1122, 112s, and 1124) with respective association tokens AT2, AT3, and AT4 equal to, for instance, 1, 2, and 3, respectively, such association tokens AT2, AT3, and AT4 being generated by the eUICC for loT devices 102 using the global sequence counter 120 (in response to respective requests indicating to generate an association token sent by such respective elMs, for instance, such request may be included in the ADD elM commands, and supposing that the first actual value to be selected by the global sequence counter 120 is the first value one) , therefore, the configuration data D2, D3, and D4 of the second, the third, and the fourth elMs 1122, 112s, and 1124, are stored on the eUICC for loT devices 102 with respective association tokens of values equal to 1, 2, and 3; a third operation T3 comprising having an administrative session comprising remote administration commands 204 ( signed on the basis of the association token ATi equal to 4 ) among the first elM 112i (which is configured to send such remote administration commands ) and the eUICC for loT devices 102 (which is conf igured to execute the operations indicated by such remote administration commands ) ; a fourth operation T4 comprising deleting the configuration data of the elMs stored ( it is noted that the value of the global sequence counter 120 is not af fected by such delete operation) , therefore , the configuration data Di, D2, D3, and D4 and the corresponding association token ATi, AT2 , AT3, and AT4 of values are deleted from the eUICC for loT devices 102 ; and a fi fth operation T5 comprising :
• associating again the first elM 112i to such eUICC for loT devices 102 through an additional ADD Initial elM command (performed by IDA) 208 ( comprising again the first set of configuration data Di of the first elM 112i ) with a corresponding new association token ATN , such new association token ATN being generated by the eUICC for loT devices 102 using the global sequence counter 120 ;
• associating again the first elM 112 i to such eUICC for loT devices 102 through an additional ADD Initial elM command (performed by IDA) 208 ( comprising again the first set of configuration data Di of the first elM 112i ) with a corresponding new association token ATN equal to the previous one , that is , the association token ATi ( that is , equal to 4 ) .
It is noted that i f such example scenario of Figure 2 occurs , in the first case since after the previous steps the actual value to be selected by the global sequence counter 120 is equal to 4 , the new association token ATN of value equal to 4 is generated . In the second case the association token carried in the ADD command has a value equal to 4 and it is greater than the last value selected by the global sequence counter 120 , so the command is still accepted .
Therefore , the first elM 112i is associated again to such eUICC for loT devices 102 with a corresponding new association token ATN equal to the previous one ATi ( that is , equal to 4 ) .
The configuration data Di of the first elM 112i are stored again on the eUICC for loT devices 102 with the new association token ATN of value equal to 4 .
Therefore , the first elM 112i is associated again with the eUICC for loT devices 102 using a same association token, that is , the new association token ATN , as the one used for the previous association, that is , the association token ATi ( that is , 4 in the reported example ) .
It is noted that the eUICC 102 deletes , in the fourth operation T4 , the configuration data of the elMs and the corresponding association tokens . However, the global sequence counter 120 managed by the eUICC 102 is not af fected by such DELETE command and so its value can be used to discard ADD elM commands that comprise association tokens with values lower than the actual value to be selected by the global sequence counter .
In such a scenario , as the ADD Initial elM command is send by the IDA without a signature , such ADD Initial elM command can be sni f fed and modi fied by a mal icious entity, requesting a generation of the association token AT at the eUICC 102 , that is , on card token generation .
Therefore , a malicious entity may send the ADD Initial elM command 200 , requesting on card token generation . Since the generated association token has a value that is higher than the last value selected by the global sequence counter 120 , such the ADD Initial elM command 200 is accepted by the eUICC for loT devices 102 . Thus , the eUICC 102 is deceived to believe that it is associated with the first elM 112i .
Hence , the ADD Initial elM command can be accepted by the eUICC for loT devices 102 , and the sequence of remote administration commands 204 sent during the third operation T3 may be sent again by the malicious entity . Since such remote administration commands 204 are signed based on the correct association token value ( that is , 4 in the example ) they may be accepted and executed by such eUICC 102 .
Moreover, the malicious entity can send the whole sequence ( Tl ; T3 ) as is , with no modifications , and i f the association token AT associated with such sequence is greater than or equal to the actual value that is to be selected by the global sequence counter 120 managed by eUICC 102 , the commands comprised in such sequence , that is , in the session of the first elM 112i, can still be accepted .
Therefore , the following scenarios can be possible : in the fourth operation T4 , the ADD Initial elM command 200 may be sent again, requesting on card token generation . It is noted that this sending operation, requesting the on-card token generation, do not af fect the command acceptance by the eUICC 102 since such command do not comprise a signature as it is sent by the IDA. The global sequence counter 120 holds , in the described scenario , the same value as the association token ATi associated to the first elM 112i, that is , 4 , thus , the whole sequence of remote administration commands 204 sent during the third operation T3 can be sent again . in the fourth operation T4 , the ADD Initial elM command, for instance , the ADD Initial elM command 200 , may be sent again with no modi fications , thus , carrying the association token ATi ( i f the ADD Initial elM command 200 is considered) or any other association token AT of value higher than or equal to the actual value that is to be selected by the global sequence counter 120 . Since the actual value that is to be selected by the global sequence counter 120 is smaller than or equal to the association token AT compri sed in the ADD Initial elM command, such command is accepted by the eUICC 102 and the corresponding sequence of remote administration commands ( for instance , the remote administration commands 204 i f the ADD Initial elM command 200 is considered) may be sent again, being accepted and executed by the eUICC 102 .
Therefore , a malicious entity may sni f f the ADD Initial elM command 200 sent during the first operation T1 and the remote administration commands 204 sent during the administrative session T3 in order to try to use them for a replay attack .
Thus , the previously sent session of the first elM 112i, starting from the first ADD Initial elM command 200 to the remote administration commands 204 , possibly sni f fed, may be sent again to the eUICC for loT devices 102 in order to start again the administrative session T3 that already occurred previously .
Therefore , such first ADD Initial elM command 200 and such remote administration commands , possibly sni f fed, may be used in a replay attack since the eUICC for loT devices 102 is deceived to execute the operations indicated by such first ADD Initial elM command 200 and such remote administration commands 204 in response to their reception .
In fact , since the value of the association token ATi used in the session of the first and third operations T1 and T3 is equal to ( or possibly higher than) the value of the actual value to be selected by the global sequence counter 120 , the eUICC 102 may be deceived by the reception, after such fourth operation T4 , of the first ADD Initial elM command 200 and the remote administration commands , possibly sni f fed, sent during such first and third operations T1 and T3 as the information related to the association token stored therein, that is , the association token ATi or a sign based thereon, has a value that is equal to ( or possibly higher than) the expected association token, that is , actual value to be selected by the global sequence counter 120 .
Therefore , in such a situation the association token AT may not ensure that each session is unique .
Therefore , there is a need of a solution solving the vulnerability described hereinbefore due to the use of association token .
Solutions that prevent replay attacks as that described above would be beneficial in order to increase the security of the eUICCs for loT devices .
Obj ect and summary
An obj ect of one or more embodiments is to contribute in providing solutions facilitating preventing replay attacks in order to increase the security of the eUICCs for loT devices .
According to one or more embodiments , that obj ect is achieved via a method for an enhanced token generation having the features set forth in the claims that follow .
One or more embodiments concern a corresponding device .
One or more embodiments concern a corresponding system architecture .
The claims are an integral part of the technical teaching provided in respect of the embodiments .
Solutions as described herein include a method suitable for associating in a communication network an embedded Universal Integrated Circuit Card, eUICC for Internet of Things , loT devices with at least one remote manager module using a respective association token said eUICC for loT devices comprising an association token counter with a counter value , said method comprising at the eUICC for loT devices : receiving an association request from a first remote manager module the association request indicating to associate said eUICC for loT devices with said first remote manager module using a first association token comprised in said association request ; and updating, in response to the reception of the association request by the eUICC for loT devices and to said first association token being higher than the counter value , said counter value with the value of the first association token comprised in the received association request .
In various embodiments , said method further comprises : receiving an additional association request from a second remote manager module the additional association request indicating to associate said eUICC for loT devices with said second remote manager module and to provide by the eUICC for loT devices a second association token; incrementing, in response to the reception of the additional association request by the eUICC for loT devices said counter value , obtaining an incremented counter value ; and providing the incremented counter value to the second remote manager module as the second association token .
In various embodiments , said incrementing performed by said eUICC for loT devices comprises : generating, through said association token counter a sequence of values comprising an actual value to be selected at said eUICC for loT devices said actual value to be selected being the incremented counter value , in response to the reception of the additional association request sent by said second remote manager module to the eUICC for loT devices selecting, in particular through said association token counter the actual value to be selected as the second association token said actual value to be selected becoming a last selected value , and selecting, in particular through said association token counter the value in said sequence of values following said last selected value as next actual value to be selected .
In various embodiments , said updating performed by said eUICC for loT devices comprises : generating, in particular through said association token counter a sequence of values comprising an actual value to be selected at said eUICC for loT devices in response to the reception of the association request by the eUICC for loT devices and to said first association token being higher than or equal to the actual value to be selected, selecting, in particular through said sequence counter the value in said sequence of values equal to the first association token as a last selected value , and selecting, in particular through said sequence counter the value in said sequence of values following said last selected value as next actual value to be selected .
In various embodiments , said remote manager module is configured to perform profile state management operations in said eUICC for loT devices through profile state management commands signed by the remote manager module on the basis of the respective association token .
In various embodiments , said remote manager module is an eS IM loT remote Manager, elM .
In various embodiments , said association token counter cannot be resetted .
In various embodiments , said method comprising at the eUICC for loT devices : receiving a dissociation request from the first remote manager module the dissociation request indicating to dissociate said eUICC for loT devices from said first remote manager module ; receiving a second association request from the first remote manager module the second association request indicating to associate again said eUICC for loT devices with said first remote manager module using a new association token comprised in the second association request , and updating, in response to the reception of the second association request by the eUICC for loT devices and to said new association token being higher than the counter value , said counter value with the value of the new association token comprised in the received second association request .
In various embodiments , said method comprising at the eUICC for loT devices : receiving a dissociation request from the first remote manager module the dissociation request indicating to dissociate said eUICC for loT devices from said first remote manager module ; receiving a second association request from the first remote manager module the second association request indicating to associate again said eUICC for loT devices with said first remote manager module and to provide by the eUICC for loT devices a new association token and incrementing, in response to the reception of the second association request by the eUICC for loT devices said counter value , obtaining an incremented counter value ; and providing the incremented counter value to the first remote manager module as the new association token .
In various embodiments , the method according to any of the previous claims , wherein said method comprising at the eUICC for loT devices : receiving a further association request from a further remote manager module , the further association request indicating to associate said eUICC for loT devices with said further remote manager module using a further association token comprised in said further association request ; and discarding, in response to the reception of the further association request by the eUICC for loT devices and to said further association token being smaller than or equal to the counter value , said further association request .
In various embodiments , the embedded Universal Integrated Circuit Cards , eUICC for Internet of Things , loT devices is operated according to the GSMA SGP . 32 standard .
In various embodiments , said association request is comprised in an ADD elM command, said ADD elM command being sent by the first remote manager module to the eUICC for loT devices and indicating to associate said first remote manager module with said eUICC for loT devices using configuration data of said first remote manager module and said first association token .
Solutions as described herein facilitate preventing replay attacks in eUICCs for loT devices in order to increase the security of such eUICCs for loT devices . Brief description of the figures
One or more embodiments will now be described, by way of example only, with reference to the annexed figures , wherein :
Figure 1 , as previously described, illustrates a general architecture of a system for remotely provisioning and managing an eUICC for loT devices ;
Figure 2 , as previously described, illustrates a signal diagram comprising example signals forwarded by a network used by an architecture according to Figure 1 to an eUICC for loT devices in an example scenario that is vulnerable to replay attacks when using the GSMA SGP . 32 standard;
Figure 3 illustrates a general architecture of an eUICC for loT devices according to embodiment of the present description; and
Figure 4 illustrates a signal diagram comprising example signals forwarded by a communication network used by an architecture according to Figure 1 to an eUICC for loT devices in a same example scenario as that of Figure 2 but using a method for token generation according to embodiments of the present description .
Corresponding numerals and symbols in the di f ferent figures generally refer to corresponding parts unless otherwise indicated .
The figures are drawn to clearly illustrate the relevant aspects of the embodiments and are not necessarily drawn to scale .
The edges of features drawn in the figures do not necessarily indicate the termination of the extent of the feature .
Detailed description
In the ensuing description one or more speci fic details are illustrated, aimed at providing an in-depth understanding of examples of embodiments of this description . The embodiments may be obtained without one or more of the speci fic details , or with other methods , components , materials , etc . In other cases , known structures , materials , or operations are not illustrated or described in detail so that certain aspects of embodiments will not be obscured .
Reference to "an embodiment" or "one embodiment" in the framework of the present description is intended to indicate that a particular configuration, structure , or characteristic described in relation to the embodiment is comprised in at least one embodiment . Hence , phrases such as " in an embodiment" or " in one embodiment" that may be present in one or more points of the present description do not necessarily refer to one and the same embodiment .
Moreover, particular conf igurations , structures , or characteristics may be combined in any adequate way in one or more embodiments .
The headings/ref erences used herein are provided merely for convenience and hence do not define the extent of protection or the scope of the embodiments .
For simplicity and ease of explanation, throughout this description, and unless the context indicates otherwise , like parts or elements are indicated in the various figures with like reference signs , and a corresponding description will not be repeated for each and every figure .
As previously described, solutions disclosed herein aim at preventing replay attacks as that described above in order to increase the security of the eUICCs for loT devices .
It is noted that the vulnerability to replay attacks of the previously described scenario may arise from the management of the association tokens AT and, in particular, of the global sequence counter 120 of the eUICC for loT devices 102 .
In fact , such global sequence counter 120 is never erased ( that is , resetted) in response to an elM 112 choosing an association token AT that is to be associated with the eUICC for loT devices 102 or to such elM 112 asking the eUICC for loT devices 102 to generate the association token AT , that is , is not set to zero in response to any association token AT generation .
In addition, such global sequence counter 120 is never modi fied ( that is , set to a di f ferent value ) in response to an elM 112 choosing an association token AT that is to be associated with the eUICC for loT devices 102 , that is , is not set to any di f ferent value in response to such elM 112 choosing an association token AT value .
In addition, it is noted that even i f the configuration data, generally referred as D, of an associated elM 112 are deleted, for instance, in response to a DELETE elM command, the value of such global sequence counter 120 is not af fected .
It is noted that even i f the eUICC is resetted, the value of the global sequence counter 120 is not be af fected .
It is noted that the values used for the association tokens AT reported in the above description of Figure 2 are j ust example values , in fact , a scenario vulnerable to replay attacks may be present even i f : any other value is considered for the first actual value to be selected by the global sequence counter 120 of the eUICC for loT devices 102 , that is , any other value is considered as the first value of the global sequence counter , referred to as a first actual value to be selected, and any other value is considered for the association token AT selected by the first elM 112i, that is , any other association token AT value is chosen by the first elM 112 during the first operation Tl , re ferred to as a second value , provided that such first actual value to be selected is lower than or equal to such second value .
It is noted that such first actual value to be selected corresponds to the value that is to be selected by such global sequence counter 120 at the beginning of the considered scenario , and an actual value to be selected by the global sequence counter 120 is a value following a last selected value in a sequence of values generated by the global sequence counter 120 .
I f the known token generation and management described in Figure 2 is used, given a first actual value to be selected for the global sequence counter 120 and a second value for the association token AT selected by the first elM 112 i, such second value being higher than or equal to such first actual value to be selected, the number of additional elMs that are to be associated with a corresponding eUICC for loT devices 102 after the first elM 112i ( through respective ADD elM commands 202 ) in order to result in a scenario vulnerable to replay attacks is equal to the di f ference between the second value and the first actual value to be selected .
It is noted that i f the di f ference is zero , the replay attack may be ef fective i f no additional elMs after the first elM 112i are added, that is , i f no ADD elM commands 202 is sent by the network N to the eUICC for loT devices 102 .
Therefore , i f an elM 112 is to be associated with an eUICC for loT devices 102 according to embodiments of solutions described herein, for instance , using an ADD elM command comprising configuration data D of such elM 112 , such eUICC for loT devices 102 may generate the association token AT using a di f ferent method, such method comprising : in response to a request sent , for instance , by using the ADD elM command, by the elM 112 to such eUICC for loT devices 102 indicating to generate the corresponding as sociation token AT , selecting, through the global sequence counter 120 of the eUICC for loT devices 102 , the actual value to be selected in the sequence of values generated by the global sequence counter 120 as association token AT , such actual value to be selected becoming a last selected value ; in response to such association token AT being selected by the elM 112 ( and therefore sent to the eUICC 102 using the ADD elM command) and being higher than or equal to the actual value to be selected, selecting, through such global sequence counter 120 , the value in such sequence of values equal to the association token AT selected by the elM 112 as the last selected value , thus , updating the last selected value to the value of the chosen association token AT ; and selecting, through such global sequence counter 120 , the value in such sequence of values following such last selected value as next actual value to be selected .
Figure 3 illustrates a general architecture 40 o f an eUICC for loT devices 102 according to embodiment of the present description .
It is noted that parts , elements , and/or components which have already been described with reference to Figure 1 are denoted by the same references previously used in such figure . Therefore , the description of such previously described parts , elements , and/or components will not be repeated in the following in order not to overburden the present detailed description .
The general architecture 40 of Figure 3 comprises a control unit 122 , for instance , a processor of the eUICC 102 , a logic control unit , a microcontroller, a microprocessor, or the like , configured to provide control signals to the global sequence counter 120 .
For instance , such control signals may be sent by the OS of such eUICC for loT devices 102 , for instance , running on the processor 122 of the eUICC 102 , when an elM 112 is added, for instance , through an ADD elM command, with a corresponding association token AT .
For instance , the control signals may indicate to select , i f the eUICC 102 is requested to generate an association token AT , the actual value to be selected in the sequence of values generated by the global sequence counter 120 as association token AT .
For instance , such control signals may indicate to select , i f an as sociation token AT selected by the elM 112 is higher than or equal to the actual value to be selected by the global sequence counter 120 , the value in the sequence of values generated by the global sequence counter 120 equal to the association token AT selected by the elM 112 as the last selected value .
It is noted that such control unit 122 may be comprised in the eUICC for loT devices 102 , in particular it may be comprised in the global sequence counter 120 , in a global sequence counter management unit .
It is noted that , i f the di fferent method for the generation of the association token AT is used, the previously described example scenario , that is , the one described in Figure 2 , may not be vulnerable to replay attacks .
It is noted that , i f such di f ferent method for the generation of the association token AT is used, scenarios similar to that of Figure 2 may not be vulnerable to replay attacks , in particular, setting through an elM 112 (without using the global sequence counter 120 of the eUICC for loT devices 102 ) an association token AT with a value higher than or equal to the actual value that is to be selected by the global sequence counter 120 may not lead to scenarios vulnerable to replay attacks .
For instance , Figure 4 illustrates a signal diagram 30 comprising example signals forwarded by the network N used by the architecture 40 of Figure 3 , in particular by the wireless interfaces of the interfaces described therein, to an eUICC for loT devices 102 in a same example scenario as that of Figure 2 but using a method for the generation of an association token AT according to embodiments of the present description .
It is noted that the values used for the association tokens AT reported in the following description are disclosed herein by way of example only, and, there fore , are not intended to limit the scope of protection of the present document .
Therefore , a same scenario ( as that of Figure 4 ) may still present i f any other value is considered for the first actual value to be selected by the global sequence counter 120 of the eUICC for loT devices 102 , and any other value is considered for the association token AT selected by the first elM 112 i, provided that such first actual value to be selected by the global sequence counter 120 is lower than or equal to the value selected for the association token AT by the first elM 112i .
The example scenario of Figure 4 comprises : a first operation Ti l comprising associating a first elM 112i with an eUICC for loT devices 102 through a first ADD Initial elM command 300 ( comprising a first set of configuration data Di of the first elM 112i ) with an association token ATi equal to , for instance , 4 , such association token ATi being chosen by the first elM 112i and included in the first ADD Initial elM command 300 . Therefore , the configuration data Di of the first elM 112i are stored on the eUICC for loT devices 102 with an association token ATi of value equal to 4 . In addition, since the association token ATi is chosen by the first elM 112i and the value chosen for such association token ATi is higher than ( or equal to ) the first actual value to be selected by the global sequence counter 120 ( supposing that the first actual value to be selected by the global sequence counter 120 is the first value one ) , the last selected value in the sequence of values generated by the global sequence counter 120 is updated to the value of the chosen association token ATi, that is , to 4 , so that the next actual value to be selected by the global sequence counter 120 as next association token AT is 5 ; a second operation T12 comprising associating additional elMs , that is , a second, a third, and a fourth elMs 1122 , 112s, and 1124 with the eUICC for loT devices 102 through respective ADD elM commands 302 , for instance , 3022 , 302s, and 302 respectively ( comprising respective set of configuration data D2 , D3, and D4 of the additional elMs 1122 , 112s, and 1124 ) with respective association tokens AT2 , AT3, and AT4 equal to 5 , 6 , and 7 , respectively, such association tokens AT2 , AT3, and AT4 being generated by the eUICC for loT devices 102 using the global sequence counter 120 ( in response to respective requests indicating to generate an association token sent by such respective elMs , for instance , such request may be included in the ADD elM commands ) . Therefore , the configuration data D2 , D3, and D4 of the second, the third, and the fourth elMs 1122 , 1123, and 1124 , are stored on the eUICC for loT devices 102 with respective association tokens of values equal to 5 , 6 , and 7 ; a third operation T13 comprising having an administrative session comprising remote administration commands 304 (signed on the basis of the association token ATi equal to 4) among the first elM 112i (which is configured to send such remote administration commands) and the eUICC for loT devices 102 (which is configured to execute the operations indicated by such remote administration commands) ; a fourth operation T14 comprising deleting the configuration data Di, D2, D3, and D4 of the elMs 112i, 1122, 1123, and 1124 through deletion commands, specifically DELETE elM commands, 306 (it is noted that the global sequence counter 120 is not affected by such delete operation) , therefore, the configuration data Di, D2, D3, and D4 of the elMs 112i, 1122, 112s, and 1124 and the corresponding association tokens ATi, AT2, AT3, and AT4 are deleted from the eUICC for loT devices 102; and a fifth operation T15 comprising associating again the first elM 112i to such eUICC for loT devices 102 through an additional ADD Initial elM command 308 (comprising again the first set of configuration data Di of the first elM 112i) with a new association token ATN, such new association token ATN being generated by the eUICC for loT devices 102 using the global sequence counter 120, that is, using a new association token ATN with a value equal to 8, therefore, the configuration data Di of the first elM 112i are stored on the eUICC for loT devices 102 with a different new association token ATN of value equal to 8;
Therefore, in this case, the first elM 112i is associated with the eUICC for loT devices 102 using a different association token, that is, the new association token ATN with value, for instance, equal to 8 instead of 4, that is, the example value of the value of the association token ATi.
In such a case, a malicious entity may sniff the remote administration commands 304 sent during the administrative session T13 in order to try to use them for a replay attack but, differently from the case of Figure 2, the previously sent remote administration commands, possibly sniffed, may be discarded by the eUICC for loT devices 102 since the expected association token used to sign the remote administration commands, that is, the new association token ATN, (8 in the example of Figure 4) is different from the one sniffed and forwarded by the malicious entity through the signature of the remote administration commands 304 sent during the administrative session T13, that is, the association token ATi (4 in the example of Figure 4) .
Thus, the previously sent remote administration commands, possibly sniffed, may be sent again to the eUICC for loT devices 102, but such remote administration commands, possibly sniffed, may be discarded since the signature comprised therein is based on the association token, that is, the association token ATi, for instance, of value equal to 4, that is different from the expected one, that is, the new association token ATN, for instance, of value equal to 8.
Therefore, the previously sent remote administration commands, possibly sniffed, may not be used in a replay attack if the method for the generation of the association token AT described herein is used.
Thus, a solution using the method for the generation of association tokens AT as described herein comprises an eUICC for loT devices 102 that may not be deceived by the reception of previously sent remote administration commands, possibly sniffed, thus, preventing replay attacks in scenarios as described above.
It is noted that in embodiments of solutions as described herein, if an elM provides for the association with an eUICC 102 an association token with a value that is smaller than the actual value to be selected by the global sequence counter 120 , the ADD elM command is discarded by the eUICC 102 .
To summarize , solutions as described herein comprise a method suitable for associating in a communication network, for instance , the network N, an embedded Universal Integrated Circuit Card, eUICC for Internet of Things , loT devices 102 with at least one remote manager module , for instance , one or more elMs 112 , using a respective association token AT , such eUICC for loT devices 102 comprising an association token counter, for instance , the global sequence counter 120 , with a counter value , that is , a value preceding the actual value to be selected by the global sequence counter 120 , such method comprising at the eUICC for loT devices 102 : receiving an as sociation request , for instance , comprised in or corresponding to an ADD elM command, from a first remote manager module 112 , for instance , the first elM 112 i, the association request indicating to associate such eUICC for loT devices 102 with such first remote manager module 112 using a first association token AT , for instance , the association token ATi, comprised in such association request , for instance , by storing configuration data of the first remote manager module , for instance , the configuration data Di of the first elM 112i, in the eUICC for loT devices 102 ; and updating, in response to the reception of the association request by the eUICC for loT devices 102 and to such first association token AT being higher than the counter value , such counter value with the value of the first association token AT comprised in the received association request .
In addition, such method may further comprise : receiving an additional association request , for instance , comprised in or corresponding to an additional ADD elM command, from a second remote manager module , for instance , the second elM 1122 , the additional association request indicating to associate such eUICC for loT devices 102 with such second remote manager module 1122 , for instance , by storing configuration data of the second remote manager module , for instance , the configuration data D2 of the second elM 1122 , in the eUICC for loT devices 102 , and to provide by the eUICC for loT devices 102 a second association token, for instance , the association token AT2 ; incrementing, in response to the reception of the additional association request by the eUICC for loT devices 102 , such counter value , obtaining an incremented counter value , that is , the actual value to be selected by the global sequence counter 120 ; and providing the incremented counter value to the second remote manager module 1122 as the second association token AT2 .
In various embodiments , such method may comprise at the eUICC for loT devices 102 : receiving a further association request from a further remote manager module , for instance , an elM 112 , the further association request indicating to associate such eUICC for loT devices 102 with such further remote manager module 112 using a further association token AT comprised in such further association request ; and discarding, in response to the reception of the further association request by the eUICC for loT devices 102 and to such further association token AT being smaller than or equal to the counter value , such further association request .
In particular, the incrementing performed by such eUICC for loT devices 102 may comprise : generating, through such association token counter 120 , a sequence of values comprising an actual value to be selected at such eUICC for loT devices 102 , such actual value to be selected being the incremented counter value , in response to the reception of the additional association request sent by such second remote manager module 1122 to the eUICC for loT devices 102 , selecting, in particular through such association token counter 120 , the actual value to be selected as the second association token AT2 , such actual value to be selected becoming a last selected value , and selecting, in particular through such association token counter 120 , the value in such sequence of values following such last selected value as next actual value to be selected .
In addition, the updating performed by such eUICC for loT devices 102 may comprise : generating, in particular through such association token counter 120 , a sequence of values comprising an actual value to be selected at such eUICC for loT devices 102 , in response to the reception of the association request by the eUICC for loT devices 102 and to such first association token AT , for instance , the association token ATi, being higher than or equal to the actual value to be selected, selecting, in particular through such sequence counter 120 , the value in such sequence of values equal to the first association token AT as a last selected value , and selecting, in particular through such sequence counter 120 , the value in such sequence of values following such last selected value as next actual value to be selected .
Therefore , solutions as described herein comprise a method for managing profiles in an embedded Universal Integrated Circuit Card, eUICC for Internet of Things , loT devices , for instance , the eUICC for loT devices 102 , such eUICC for loT devices 102 being configured to be associated with a remote manager module configured to perform profile state management operations in such eUICC, for instance , an elM 112 , using an association token AT , such method comprising performing a token generation operation at such embedded Universal Integrated Circuit Card 102 , such token generation operation comprising generating a sequence of values comprising an actual value to be selected at such eUICC for loT devices 102 , in particular by a global sequence counter, for instance , the global sequence counter 120 comprised in the eUICC for loT devices 102 , wherein such token generation operation comprises : in response to a request , for instance , an ADD elM command, sent by such remote manager module 112 to the eUICC for loT devices 102 indicating to generate the association token AT , selecting, in particular through such global sequence counter 120 , the actual value to be selected as association token AT , such actual value to be selected becoming a last selected value , in response to such association token AT being selected by the remote manager module 112 and being higher than or equal to the actual value to be selected, selecting, in particular through such global sequence counter 120 , the value in such sequence of values equal to the association token AT selected by the remote manager module 112 as the last selected value , and selecting, in particular through such global sequence counter 120 , the value in such sequence of values following such last selected value as next actual value to be selected .
In various embodiments , the method may comprise at the eUICC for loT devices 102 : receiving a dis sociation request , for instance , comprised in or corresponding to a DELELTE elM command, from the first remote manager module , for instance , an elM 112 , for instance , the first elM 112i, the dissociation request indicating to dissociate such eUICC for loT devices 102 from such first remote manager module 112 , that is , indicating to delete the configuration data of the first remote manager module , for instance , the configuration data Di of the first elM 112i, from the eUICC for loT devices 102 ; receiving a second association request , for instance , comprised in or corresponding to a second ADD elM command, from the first remote manager module 112 , the second association request indicating to associate again such eUICC for loT devices 102 with such first remote manager module 112 using a new association token, for instance , the association token ATN , comprised in the second association request , for instance , by storing configuration data of the first remote manager module , for instance , the configuration data Di of the first elM 112i, in the eUICC for loT devices 102 , and updating, in response to the reception of the second association request by the eUICC for loT devices 102 and to such new association token ATN being higher than the counter value , such counter value with the value of the new association token ATN comprised in the received second association request .
Alternatively, such method may comprise at the eUICC for loT devices 102 : receiving a dis sociation request , for instance , comprised in or corresponding to a DELELTE elM command, from the first remote manager module , for instance , an elM 112 , for instance , the first elM 112i, the dissociation request indicating to dissociate such eUICC for loT devices 102 from such first remote manager module 112 , that is , indicating to delete the configuration data of the first remote manager module , for instance , the configuration data Di of the first elM 112i, from the eUICC for loT devices 102 ; receiving a second association request , for instance , comprised in or corresponding to a second ADD elM command, from the first remote manager module 112 , the second association request indicating to associate again such eUICC for loT devices 102 with such first remote manager module 112 , for instance , by storing configuration data of the first remote manager module , for instance , the configuration data Di of the first elM 112i, in the eUICC for loT devices 102 , and to provide by the eUICC for loT devices 102 a new association token, for instance , the association token ATN , and incrementing, in response to the reception of the second association request by the eUICC for loT devices 102 , such counter value , obtaining an incremented counter value , that is , the actual value to be selected by the global sequence counter 120 ; and providing the incremented counter value to the first remote manager module 112 as the new association token ATN .
It is noted that the remote manager module may be configured to perform profile state management operations in the eUICC for loT devices 112 through profile state management commands , for instance , one or more remote administration commands , signed by the remote manager module 112 on the basis of the respective association token AT .
It is noted that , in various embodiments , the association token counter 120 cannot be resetted .
It is noted that the remote manager module configured to perform profile state management operations in the eUICC 102 may be an eS IM loT remote Manager, elM 112 .
It is noted that the embedded Universal Integrated Circuit Cards , eUICC for Internet of Things , loT devices 102 may be operated according to the GSMA SGP . 32 standard .
It is noted that , in response to the association token AT being selected by the remote manager module , for instance , by an elM 112 , such association token AT may be comprised in an ADD elM command, for instance , the example ADD Initial elM command 300 or 302 , such ADD elM command being sent by the remote manager module 112 to the eUICC for loT devices 102 and indicating to associate such remote manager module 112 with such eUICC for loT devices 102 using configuration data D o f such remote manager module 112 and such association token AT .
Solutions as described herein facilitate preventing replay attacks using an enhanced method for token generation .
Thus , solutions as described herein facilitate preventing replay attacks in eUICCs for loT devices in order to increase the security of such eUICCs for loT devices .
Without prej udice to the underlying principles , the details and the embodiments may vary, even signi ficantly, with respect to what has been described by way of example only without departing from the scope of the embodiments .
The extent of protection is determined by the annexed claims .

Claims

1. Method suitable for associating in a communication network an embedded Universal Integrated Circuit Card, eUICC for Internet of Things, loT devices (102) with at least one remote manager module (112) using a respective association token (AT) , said eUICC for loT devices (102) comprising an association token counter (120) with a counter value, said method comprising at the eUICC for loT devices (102) : receiving an association request from a first remote manager module (112; 112i) , the association request indicating to associate said eUICC for loT devices (102) with said first remote manager module (112) using a first association token (AT; ATi) comprised in said association request; and updating, in response to the reception of the association request by the eUICC for loT devices (102) and to said first association token (AT) being higher than the counter value, said counter value with the value of the first association token (AT) comprised in the received association request.
2. The method according to claim 1, wherein said method further comprises: receiving an additional association request from a second remote manager module (1122) , the additional association request indicating to associate said eUICC for loT devices (102) with said second remote manager module (1122) and to provide by the eUICC for loT devices (102) a second association token (AT2) ; incrementing, in response to the reception of the additional association request by the eUICC for loT devices (102) , said counter value, obtaining an incremented counter value; and providing the incremented counter value to the second remote manager module (1122) as the second association token (AT2) .
3. The method according to claim 2, wherein said incrementing performed by said eUICC for loT devices (102) comprises: generating, through said association token counter (120) , a sequence of values comprising an actual value to be selected at said eUICC for loT devices (102) , said actual value to be selected being the incremented counter value, in response to the reception of the additional association request sent by said second remote manager module (1122) to the eUICC for loT devices (102) , selecting, in particular through said association token counter (120) , the actual value to be selected as the second association token (AT2) , said actual value to be selected becoming a last selected value, and selecting, in particular through said association token counter (120) , the value in said sequence of values following said last selected value as next actual value to be selected.
4. The method according to any of the previous claims, wherein said updating performed by said eUICC for loT devices (102) comprises: generating, in particular through said association token counter (120) , a sequence of values comprising an actual value to be selected at said eUICC for loT devices (102) , in response to the reception of the association request by the eUICC for loT devices (102) and to said first association token (AT) being higher than or equal to the actual value to be selected, selecting, in particular through said sequence counter (120) , the value in said sequence of values equal to the first association token (AT) as a last selected value, and selecting, in particular through said sequence counter (120) , the value in said sequence of values following said last selected value as next actual value to be selected.
5. The method according to any of the previous claims, wherein said remote manager module is configured to perform profile state management operations in said eUICC for loT devices (112) through profile state management commands signed by the remote manager module (112) on the basis of the respective association token (AT) .
6. The method according to any of the previous claims, wherein said remote manager module (112) is an eSIM ToT remote Manager, eTM.
7. The method according to any of the previous claims, wherein said association token counter (120) cannot be resetted.
8. The method according to any of the previous claims, wherein said method comprising at the eUICC for ToT devices (102) : receiving a dissociation request from the first remote manager module (112) , the dissociation request indicating to dissociate said eUICC for loT devices (102) from said first remote manager module (112) ; receiving a second association request from the first remote manager module (112) , the second association request indicating to associate again said eUICC for loT devices (102) with said first remote manager module (112) using a new association token (ATN) comprised in the second association request, and updating, in response to the reception of the second association request by the eUICC for loT devices (102) and to said new association token (ATN) being higher than the counter value, said counter value with the value of the new association token (ATN) comprised in the received second association request.
9. The method according to any of the claims 1 to 7, wherein said method comprising at the eUICC for loT devices (102) : receiving a dissociation request from the first remote manager module (112) , the dissociation request indicating to dissociate said eUICC for loT devices (102) from said first remote manager module (112) ; receiving a second association request from the first remote manager module (112) , the second association request indicating to associate again said eUICC for loT devices (102) with said first remote manager module (112) and to provide by the eUICC for loT devices (102) a new association token (ATN) , and incrementing, in response to the reception of the second association request by the eUICC for loT devices (102) , said counter value, obtaining an incremented counter value; and providing the incremented counter value to the first remote manager module (112) as the new association token (ATN) .
10. The method according to any of the previous claims, wherein said method comprising at the eUICC for loT devices (102) : receiving a further association request from a further remote manager module (112) , the further association request indicating to associate said eUICC for loT devices (102) with said further remote manager module (112) using a further association token (AT) comprised in said further association request; and discarding, in response to the reception of the further association request by the eUICC for loT devices (102) and to said further association token (AT) being smaller than or equal to the counter value, said further association request.
11. The method according to any of the previous claims, wherein the embedded Universal Integrated Circuit Cards, eUICC for Internet of Things, loT devices (102) is operated according to the GSMA SGP.32 standard.
12. The method according to any of the previous claims, wherein said association request is comprised in an ADD elM command (300, 302) , said ADD elM command (300, 302) being sent by the first remote manager module (112) to the eUICC for loT devices (102) and indicating to associate said first remote manager module (112) with said eUICC for loT devices (102) using configuration data (D) of said first remote manager module (112) and said first association token (AT) .
13. An embedded Universal Integrated Circuit Card, eUICC for Internet of Things, loT devices (102) configured to be associated with at least one remote manager module (112) using a respective association token (AT) , said eUICC for loT devices (102) comprising an association token counter (120) and being configured to execute the method according to any of the previous claims .
14. A system architecture (40) , comprising: an embedded Universal Integrated Circuit Card, eUICC for Internet of Things, loT devices (102) operating in an loT device (100) and comprising an association token counter (120) , and a first remote manager module (112) , in particular an eSIM loT remote Manager elM (112) , said remote manager module (112) being configured to be associated with the eUICC for loT devices (102) using a first association token (AT) , and characterized in that said system architecture (40) is configured to perform the operations of the method of any of the claims 1 to 12.
15. A system architecture (40) according to claim 14, wherein said remote manager module (112) is configured to perform profile state management operations in said eUICC for loT devices (102) and/or said system architecture (40) further comprises at least a server (114) , in particular a SM-DP+ server, which is configured to prepare profiles, store profiles, and deliver digital profiles to embedded Universal Integrated Circuit Cards, eUICCs (102) .
PCT/IB2024/060248 2023-11-10 2024-10-18 Method for associating an embedded universal integrated circuit card with a remote manager module, corresponding device and system architecture Pending WO2025099519A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT102023000023787 2023-11-10
IT202300023787 2023-11-10

Publications (1)

Publication Number Publication Date
WO2025099519A1 true WO2025099519A1 (en) 2025-05-15

Family

ID=89474073

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2024/060248 Pending WO2025099519A1 (en) 2023-11-10 2024-10-18 Method for associating an embedded universal integrated circuit card with a remote manager module, corresponding device and system architecture

Country Status (1)

Country Link
WO (1) WO2025099519A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009092115A2 (en) * 2008-01-18 2009-07-23 Interdigital Patent Holdings, Inc. Method and apparatus for enabling machine to machine communication
WO2010123890A1 (en) * 2009-04-20 2010-10-28 Interdigital Patent Holdings, Inc. System of multiple domains and domain ownership
US20140317721A1 (en) * 2013-04-17 2014-10-23 Oberthur Technologies Secure element for a telecommunications terminal
EP3057350A1 (en) * 2015-02-13 2016-08-17 Gemalto Sa Method for remote subscription management of an eUICC, corresponding terminal
EP4057661A1 (en) * 2021-03-09 2022-09-14 Kigen (UK) Limited System, module, circuitry and method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009092115A2 (en) * 2008-01-18 2009-07-23 Interdigital Patent Holdings, Inc. Method and apparatus for enabling machine to machine communication
WO2010123890A1 (en) * 2009-04-20 2010-10-28 Interdigital Patent Holdings, Inc. System of multiple domains and domain ownership
US20140317721A1 (en) * 2013-04-17 2014-10-23 Oberthur Technologies Secure element for a telecommunications terminal
EP3057350A1 (en) * 2015-02-13 2016-08-17 Gemalto Sa Method for remote subscription management of an eUICC, corresponding terminal
EP4057661A1 (en) * 2021-03-09 2022-09-14 Kigen (UK) Limited System, module, circuitry and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"eSIM IoT Technical Specification", 4 July 2023

Similar Documents

Publication Publication Date Title
KR102406757B1 (en) A method of provisioning a subscriber profile for a secure module
EP3800909B1 (en) Remote management method, and device
CN104520870B (en) Method and system for updating firmware of a security module
US9247424B2 (en) Methods and apparatus for large scale distribution of electronic access clients
US11064357B2 (en) Method and apparatus for managing embedded universal integrated circuit card eUICC
US10419900B2 (en) Method and apparatus for managing application terminal remotely in wireless communication system
US9231931B2 (en) Method and apparatus of constructing secure infra-structure for using embedded universal integrated circuit card
US20080189550A1 (en) Secure Software Execution Such as for Use with a Cell Phone or Mobile Device
CN108307674A (en) A method and device for ensuring terminal security
CN110519753B (en) Access method, device, terminal and readable storage medium
KR20080113087A (en) How to Strengthen Security Policy on Mobile Devices
US9313650B2 (en) Communications system, mobile communications device, transition control device, transition control method, and transition control program
CN104737566A (en) Method for importing user identity data into the user identity module
US9032186B2 (en) Utilization of a microcode interpreter built in to a processor
CN110719590B (en) One-key login method, device, equipment and storage medium based on mobile phone number
CN107835204A (en) The security control of configuration file policing rule
EP3541106A1 (en) Methods and apparatus for euicc certificate management
US20190026478A1 (en) Vehicle secure communication method and apparatus, vehicle multimedia system, and vehicle
WO2019071650A1 (en) Method for upgrading application in security element and related device
EP3737129B1 (en) Management method for offline management instruction and terminal
JP5613350B2 (en) Method for updating maintenance element contained in terminal on communication network and corresponding update server
JP2024526174A (en) Update Agent Download Scheme
CN103002430B (en) Method, the Apparatus and system of a kind of terminal applies and termination number binding
WO2025099519A1 (en) Method for associating an embedded universal integrated circuit card with a remote manager module, corresponding device and system architecture
US7698739B2 (en) Updating code with validation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24804615

Country of ref document: EP

Kind code of ref document: A1