When a subscriber to a first network seeks to change operator, it is necessary for the security module that is in the equipment and that is configured for the first operator to be replaced by a second security module that is configured for the second operator, i.e. that has the keys specific to the second operator. It can be understood that with interconnected M2M machines using the network of the first operator to enable a central server to exchange information remotely with those machines, a change of operator requires the (U)SIM card to be changed in all of the machines and therefore requires a technician to visit them in order to make the change. That can be particularly constraining since it is not unusual for the machines to be difficult of access. Furthermore, when the security modules are not removable, but are soldered to the equipment, such a change requires the equipment to be replaced.
Solutions exist for modifying operator keys in a (U)SIM card without changing the security module. For example, the application published under the No. WO 2011/001076 describes a method of changing a first authentication key and a first subscriber identification number in a (U)SIM card that are specific to a first network operator operating a first network, with a second authentication key and a second subscriber identification number specific to a second network operator operating a second network. For that purpose, a master key for generating keys specific to the second network is stored in the card during a preconfiguration stage performed before the card is put into service. Thus, when the card has been released to operate in the first network and a request is received to change to the second operator, the second operator transmits to the first operator a second subscriber identification number in the second network. The first operator uses its own network to transmit a random number and the second subscriber identification number that it has received to the (U)SIM card, and it also sends the random number to the second network operator. The card then generates a second authentication key by applying a key diversification algorithm to the random number and to the master key stored in the card and specific to the second network. In parallel, the second operator calculates the same authentication key using the same master key that is specific thereto and the random number received from the first network. The second operator stores the second authentication key in association with the second subscriber identification number in its own subscriber base. At the end of the method, the first authentication key has been replaced in the card by the second authentication key, and the first subscriber identification number has been replaced in the card by the second subscriber identification number. The (U)SIM is thus ready to operate in the second network.
Nevertheless, that requires the memory to store master keys specific to all of the operators to which control of the card might be transferred. There are also risks that it will not be possible to transfer the control of cards to a new operator, e.g. in the event of the cards being preconfigured before the arrival of the new operator.