Communicating by means of a mobile end device, for example a mobile telephone, over a mobile radio network (also designated as a PLMN [Public Land Mobile Network]) which is operated by a network operator (also designated as an MNO [Mobile Network Operator]) as a rule requires that the mobile end device is equipped with a security element for securely storing data that uniquely identify the user of the mobile end device vis-à-vis the mobile radio network. For example, in a mobile end device that is configured for communicating according to the GSM standard (Global System for Mobile Communications), which is currently the most widespread mobile radio standard in the world, there is used a security element with the name SIM (Subscriber Identity Module) usually in the form of a chip card or smart card. According to the GSM standard, whose technical features are defined in a plurality of mutually linked and interdependent specifications, the SIM card contains subscriber identification data or subscription authorization data (“Subscription Credentials”) which are part of a subscription (also called the subscription profile), for identifying and authenticating the user or subscriber, including an IMSI (International Mobile Subscriber Identity) and an authentication key Ki.
An area of application of security elements, such as SIM cards, UICCs, eUICCS, and the like, that in all probability will grow substantially during the coming years is M2M communication (“machine-to-machine communication”), i.e. communication between machines over a mobile radio network without human interaction, for which the designation “Internet of Things” is also employed. In M2M communication, data can be automatically exchanged between numerous different kinds of machines that are equipped with a security element in the form, or as part, of an M2M module, for example TV systems, set-top boxes, vending machines, vehicles, traffic lights, surveillance cameras, sensor apparatuses, electricity meters and similar M2M apparatuses, with the M2M module or security element being as a rule permanently installed in a respective M2M apparatus. With a security element that is part of an M2M module or configured as such a module, a subscription with subscription authorization data must also as a rule be present on the security element in order that the latter can identify and authenticate itself vis-à-vis a mobile radio network and therefore communicate over the mobile radio network.
Upon the manufacture of a security element for a mobile end device or an M2M apparatus, the subscription authorization data are usually deposited on the security element as part of a subscription by the manufacturer of the security element or the network operator within the context of a personalization process. In this procedure, the corresponding subscription is as a rule immediately“active”, i.e. can be employed for communication over a mobile radio network, if the subscription authorization data, for example an IMSI, are also deposited in the corresponding mobile radio network. When an M2M apparatus with such an active subscription is delivered to a customer, the problem can arise that if the M2M apparatus is stolen, goes missing or is otherwise lost on the way to the customer, the active subscription of the M2M apparatus nevertheless enables communication over a mobile radio network, which as a rule cannot be in the interests of the customer and/or the manufacturer of the M2M apparatus.
Against this background, the present invention is faced with the object of proposing improved methods and apparatuses for employing a subscription on a security element that are able to at least partly remedy the hereinabove described disadvantage.