An electronic device that uses a network provided by a mobile network operator (MNO) has to contain information for identifying and authenticating a user. For example, the electronic device has to contain information such as international mobile subscriber identity (IMSI). The IMSI that is a unique value in all cellular networks may include, for example, mobile country code (MCC), mobile network code (MNC), and mobile subscription identification number (MSIN) information. For example, in the case where “123456789” is allocated as the MSIN value in the AT&T operator (MNC=150) of the USA (MCC=310), the IMSI of the user may be “310150123456789”. In the case where “13511078690” is allocated as the MSIN value in the CMCC operator (MNC=00) of the CHINA (MCC=460), the IMSI of the user may be “4600013511078690”.
Information necessary for identification/authentication, such as the IMSI, may be mounted in a universal integrated circuit card (UICC), such as a subscriber identity module (SIM) card or a universal SIM (USIM) card, or an embedded UICC such as an embedded secure element (eSE). Also, the above-described manners may be mixed with each other. For example, the electronic device may include a detachable UICC of a hardware manner and may simultaneously have a SIM that is stored in the eSE or is installed in a software manner in a secure area. In this case, the electronic device may activate one of the installed SIM and the detachable UICC or two (or more) SIMs to communicate with a network.
For the electronic device to use the SIM of the software manner, the electronic device has to receive SIM data through the network. Since the IMSI value or the like for identification of the user is included in the SIM data, various issues occur if the IMSI value is leaked in a communication process or is not safely stored in the secure area of the electronic device. Since data usage is aggregated or charged on the basis of the IMSI value, the user may suffer serious damage when the SIM data are leaked.