A recent development in third generation (3G) wireless communications is the long term evolution (LTE) cellular communication standard, sometimes referred to as 4th generation (4G) systems. Both 3G and 4G technologies are compliant with third generation partnership project (3GPP™) standards.
A universal integrated circuit card (UICC) is a smart card used in mobile terminals in global system for mobile communications (GSM) and LTE networks to store, inter alia, subscriber data. The UICC ensures the integrity and security of all kinds of personal data, and it typically holds a few hundred kilobytes. With the advent of more services, it is known that the storage space for UICCs will need to be larger.
There has also been a recent trend for machine to machine (M2M) communication modules to be integrated directly into target (M2M) devices, such as Automated Meter Readers (AMRs), vending machines, alarm systems, automotive equipment or others. Such M2M devices have also been configured with wireless capability. Thus, with the advent of machine to machine (M2M) devices including communication modules that use cellular modems, new M2M form factors (MFF) have been developed. These MFF components replace the conventional, removable subscriber information module (SIM) card with a fixed (i.e. soldered), embedded universal integrated circuit card (eUICC) that is incorporated into M2M devices.
As the eUICC is to be embedded into devices, there have been some initial discussions within the technical community about over-the-air provisioning of eUICCs, in order to allow a subscription manager (SM) to upload a new profile to the eUICC. In this manner, new profiles may be wirelessly programmed into the M2M devices, for example in order to facilitate switching between mobile network operators (MNOs). These uploaded profiles are generally denoted as operational profiles, and include one or more network access application(s) (NAA) and associated network access credentials (NAC). The one or more network access application(s) are application(s) that reside on an eUICC, providing authorization to access a network. Network access credentials include data required to authenticate to an ITU E.212 network, and may include data such as an international mobile subscriber identity (IMSI) value stored within the NAA.
In order for the eUICC to be provisioned over the air, the eUICC requires a preinstalled provisioning profile, which is a profile including one or more network access credentials, which, when preinstalled on an eUICC, enables a device utilizing the eUICC to access and communicate with communication network(s). This is generally achieved by the device initially attempting to access a mobile network operator's communication network, and in response to this the communication network transmits a message, including a ‘challenge’ sent over an air interface to the device, which is passed to the eUICC. The eUICC runs the message through its authentication algorithm, allowing the device to transmit a response back via a corresponding base station to a home location register (HLR) of the mobile network operator. Further, the preinstalled provisioning profile provides the eUICC with the capability to manage operational profiles with a subscription manager (SM). Thus, when the device with the eUICC is turned ‘on’, information is sent to the SM, and this information may include information such as the country that the phone is located in. A decision may then be made with regard to the best network operator(s) to provision the card with. Hence, a pre-installed operational profile allows the eUICC to communicate with an operational network, for example Vodafone™.
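The challenge and response exchange described above can be sketched as follows. This is an added example, not code from the original document: the authentication algorithm is not named in the text, so HMAC-SHA256 is used as a stand-in, and the shared key, the IMSI value and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

IMSI = "001010123456789"  # constructed sample value (test network code 001/01)

def auth_response(key: bytes, challenge: bytes) -> bytes:
    # Stand-in for the eUICC authentication algorithm (assumption: HMAC-SHA256,
    # truncated to 8 bytes; the document does not name the real algorithm).
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]

class HomeLocationRegister:
    """Network side: holds the per-subscriber key and checks responses."""
    def __init__(self):
        self._keys = {}     # IMSI -> shared secret key
        self._pending = {}  # IMSI -> challenge awaiting a response

    def enroll(self, imsi: str, key: bytes) -> None:
        self._keys[imsi] = key

    def issue_challenge(self, imsi: str) -> bytes:
        if imsi not in self._keys:
            raise KeyError("unknown subscriber")
        challenge = secrets.token_bytes(16)  # fresh for every access attempt
        self._pending[imsi] = challenge
        return challenge

    def verify(self, imsi: str, response: bytes) -> bool:
        challenge = self._pending.pop(imsi, None)  # each challenge is single use
        if challenge is None:
            return False
        expected = auth_response(self._keys[imsi], challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

class EUICC:
    """Card side: the key never leaves the card, only responses do."""
    def __init__(self, imsi: str, key: bytes):
        self.imsi, self._key = imsi, key

    def answer(self, challenge: bytes) -> bytes:
        return auth_response(self._key, challenge)

def demo():
    key = secrets.token_bytes(16)
    hlr = HomeLocationRegister()
    hlr.enroll(IMSI, key)
    card = EUICC(IMSI, key)
    other = EUICC(IMSI, secrets.token_bytes(16))  # same IMSI, different key
    good = card.answer(hlr.issue_challenge(IMSI))
    ok = hlr.verify(IMSI, good)
    hlr.issue_challenge(IMSI)                # network issues a new challenge
    replayed = hlr.verify(IMSI, good)        # captured response is stale
    wrong_key = hlr.verify(IMSI, other.answer(hlr.issue_challenge(IMSI)))
    return ok, replayed, wrong_key
```

Because the challenge is fresh and single use, a response captured on the air interface is rejected on any later attempt, and knowledge of the IMSI alone is not sufficient to authenticate.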
Referring to FIG. 1, a known eUICC remote provisioning system is illustrated, including an eUICC manufacturer 101, a subscription manager (secure routing) (SM-SR) 103, a mobile network operator (MNO) 105, a certificate issuer 107, a subscription manager (data preparation) (SM-DP) 109, and an eUICC device, for example an M2M device 111.
The eUICC manufacturer 101 provides eUICCs including a provisioning profile and/or one or more operational profiles. Typically, the manufactured eUICCs are delivered to an M2M device manufacturer for integration into its products. The eUICC manufacturer 101 is also responsible for initial cryptographic configuration and security architecture of the manufactured eUICCs.
The eUICC manufacturer 101 requests the provisioning profile from a desired mobile network operator 105, which provides the eUICC manufacturer 101 with input information, for example an international mobile subscriber identity value. Subsequently, the eUICC manufacturer 101 outputs information to the MNO 105 and SM-DP 109 including identity information of the relevant eUICC.
The certificate issuer 107 issues certificates for eUICC remote provisioning, and acts as a third party for the purpose of authentication.
Once the eUICC has been incorporated into a device/product 111, the MNO is made aware of the eUICC ID of the integrated eUICC within the device/product 111. As this information was provided to the MNO 105 during eUICC manufacture, the MNO 105 is operable to find related information in its databases (not shown) and trigger the SM-DP 109 to transmit an encrypted message including at least the eUICC ID to the SM-SR 103.
Subsequently, the eUICC device/product 111 communicates with a provisioning network, utilizing its preinstalled provisioning profile, and communicates with the SM-SR 103. The SM-SR 103 recognizes the eUICC's ID and downloads an encrypted profile including an operational profile.
Therefore, the eUICC device/product 111 is capable of being configured with an operational profile via an air interface, meaning that the operational profile may be changed by a user of the eUICC device/product 111.
In order for over the air provisioning to be utilized, the eUICC device/product 111 requires a provisioning profile, which is generally an identifier for an operator with many roaming agreements. When the eUICC device/product 111 is first enabled, information is transmitted to the SM-SR 103, which may include information, such as the country the eUICC device/product 111 is in. A decision is then made by the SM-SR 103 to allocate the best operator to provision the eUICC with.
A potential problem may be that MNOs are no longer responsible for issuing devices to consumers, as a consumer may purchase a device from the manufacturer of the eUICC device/product 111 and choose/change the MNO 105 over the air. This may affect the MNO's 105 profits and sale of subsequent peripheral devices.
Referring to FIG. 2, a known eUICC registration procedure 200 is illustrated. Generally, eUICCs are manufactured according to a particular standard and are independent from the M2M device manufacturers, mobile operators and service providers. Device manufacturers may select and certify an eUICC and order it directly from an eUICC manufacturer 201. As a mandatory step in the production process and prior to shipment, the eUICC manufacturer 201 must register each eUICC at a selected subscription manager SM-SR 203. The registration means that relevant information regarding a particular eUICC is stored in a database of the SM-SR 203. Without this registration step, remote access to the eUICC is impossible using standard practices.
Regarding the registration procedure 200 of FIG. 2, the eUICC manufacturer 201 transmits an eUICC registration request 205 to the selected SM-SR 203, including an eUICC information set (EIS). The SM-SR 203 stores the EIS in a database 207, utilizing the eUICC ID (EID) of the eUICC as a key parameter. The SM-SR 203 confirms the successful registration by transmitting a confirmation message 209 including the EID to the eUICC manufacturer 201.
At this stage, the eUICC includes a provisioning profile and is linked to an active provisioning subscription. After registration has been completed at the SM-SR 203, the eUICC may be shipped to a device manufacturer.
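The dependency of remote access on the registration step of FIG. 2, together with the profile download of FIG. 1, can be modelled as follows. This is an added example, not code from the original document: the EIS fields, status strings, EID values and all names are hypothetical, and the encrypted profile is treated as opaque bytes.

```python
class SMSR:
    """Toy model of the subscription manager (secure routing)."""

    def __init__(self):
        self._eis_by_eid = {}  # models database 207: EID -> EIS
        self._queued = {}      # EID -> encrypted profile received from the SM-DP

    def register(self, eis: dict) -> dict:
        # Registration request 205: store the EIS with the EID as key.
        eid = eis["eid"]
        if eid in self._eis_by_eid:
            raise ValueError("EID already registered")
        self._eis_by_eid[eid] = dict(eis)
        return {"status": "registered", "eid": eid}  # confirmation message 209

    def queue_profile(self, eid: str, encrypted_profile: bytes) -> bool:
        # SM-DP hands over a profile for an EID; unknown EIDs are not accepted.
        if eid not in self._eis_by_eid:
            return False
        self._queued[eid] = encrypted_profile
        return True

    def device_attach(self, eid: str):
        # Device contacts the SM-SR over its provisioning profile.
        if eid not in self._eis_by_eid:
            return ("refused", None)             # never registered: no remote access
        profile = self._queued.pop(eid, None)    # a profile is delivered once
        if profile is None:
            return ("no_profile_pending", None)
        return ("download", profile)

def run_flow() -> dict:
    smsr = SMSR()
    registered = "EID-REGISTERED-0001"           # constructed sample identifiers
    unregistered = "EID-UNREGISTERED-0002"
    confirmation = smsr.register({"eid": registered, "manufacturer": "example-eum"})
    results = {
        "confirmation_eid": confirmation["eid"],
        "queue_unregistered": smsr.queue_profile(unregistered, b"opaque"),
        "attach_unregistered": smsr.device_attach(unregistered)[0],
        "attach_before_queue": smsr.device_attach(registered)[0],
    }
    smsr.queue_profile(registered, b"opaque-encrypted-profile")
    results["attach_after_queue"] = smsr.device_attach(registered)
    results["attach_again"] = smsr.device_attach(registered)[0]
    return results
```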
There is a potential problem with this process in that each eUICC manufactured needs to be registered with a particular subscription manager 203, and include a provisioning profile with an associated provisioning subscription in order for the subscription manager 203 to be able to remotely access the eUICC in order to download information regarding one or more operational profiles. Such a process is inefficient and requires a provisioning profile being installed in each and every device.