When a terminal accesses a wireless communication network, a mutual authentication process between the network and the terminal is needed. Through the mutual authentication process, a Mobile Network Operator (hereinafter, referred to as a network operator or an MNO) identifies a terminal which made a fair payment for subscription and provides a service. The corresponding terminal safely accesses the network and performs data and voice communication while maintaining security. The mutual authentication process between the wireless communication network and the terminal is performed using a subscriber identifier and an encryption key (for example, an encryption key (K) for the authentication). In most terminals, the encryption key is stored in a separate Universal Integrated Circuit Card (UICC) physically attachable to and detachable from the terminal. The UICC corresponds to a smart card which is installed within the terminal and can be used as a module for user authentication with the wireless communication network to which the user subscribes. That is, the UICC stores personal information of the wireless communication subscriber and, when the terminal accesses the wireless communication network, performs subscriber authentication and generates a traffic security key, thereby allowing wireless communication to be used safely.
The UICC may store network information (for example, an International Mobile Subscriber Identity (IMSI), a home Public Land Mobile Network (PLMN), and the like) of a network operator to which the user subscribes, user information (a short message service, and the like), a phonebook, and the like.
Further, the UICC is also called a Subscriber Identity Module (SIM) card in a Global System for Mobile communications (GSM) scheme, and a Universal Subscriber Identity Module (USIM) card in a Long Term Evolution (LTE) scheme.
When a card is manufactured, the UICC is manufactured as a card dedicated to the corresponding operator at the request of a particular wireless network operator, and authentication information for access to the network of the corresponding operator (for example, a USIM application, an International Mobile Subscriber Identity (IMSI), a K value, and the like) is inserted into the UICC before the release thereof. Accordingly, the corresponding MNO receives the manufactured UICC and provides it to the subscriber, and thereafter performs the management, such as installation, modification, deletion, and the like, of an application within the UICC using technologies such as Over The Air (OTA) and the like when necessary.
The subscriber may insert the UICC into the mobile communication terminal of the subscriber to use the network and application services of the corresponding MNO, and, when replacing the terminal, the subscriber may insert the UICC extracted from the existing terminal into a new terminal to use the authentication information, the mobile communication phone numbers, the personal phonebook, and the like, which are stored in the UICC, in the new terminal as they are.
When an authentication between an authentication server of the wireless communication network and the UICC is performed in the mutual authentication process between the wireless communication network and the terminal, the terminal serves as a medium that transfers a corresponding authentication message. The UICC may not only identify the subscriber but also include relevant network company information even when the UICC is manufactured. Further, when the user uses a wireless communication network and then subscribes to a wireless communication network of another network operator through the same terminal, the user should use a UICC compatible with the wireless communication network of the corresponding network operator. That is, when network operators are different, the user can use the same terminal but should use the UICC compatible with the network operator to which the user newly subscribes.
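The exchange described above, in which the authentication server and the UICC authenticate each other with the shared key (K) while the terminal only relays messages, can be sketched as follows. This is an added illustration, not part of the original text: HMAC-SHA256 stands in for the operator's actual authentication functions, and the names `AuthServer`, `Uicc`, `attach` and `f`, as well as the message layout, are assumptions made for the example.

```python
import hashlib
import hmac
import os

def f(k, label, *parts):
    # Stand-in for the operator's authentication functions (assumption: HMAC-SHA256).
    body = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(k, label + body, hashlib.sha256).digest()

class AuthServer:
    """Network side: holds K and a sequence number (SQN) per subscriber identifier."""
    def __init__(self, subscribers):
        self.subscribers = dict(subscribers)   # IMSI -> [K, SQN]
        self.pending = {}                      # IMSI -> (expected RES, traffic key)

    def challenge(self, imsi):
        entry = self.subscribers[imsi]
        entry[1] += 1                          # fresh SQN lets the card detect replays
        k, sqn = entry[0], entry[1].to_bytes(6, "big")
        rand = os.urandom(16)
        autn = sqn + f(k, b"MAC", rand, sqn)[:8]   # proves the network knows K
        self.pending[imsi] = (f(k, b"RES", rand)[:8], f(k, b"CK", rand))
        return rand, autn

    def verify(self, imsi, res):
        xres, ck = self.pending.pop(imsi)
        return ck if hmac.compare_digest(res, xres) else None

class Uicc:
    """Card side: K stays inside this object; the terminal only sees messages."""
    def __init__(self, imsi, k):
        self.imsi, self._k, self._sqn = imsi, k, 0

    def authenticate(self, rand, autn):
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self._k, b"MAC", rand, sqn)[:8]):
            raise ValueError("network authentication failed")
        if int.from_bytes(sqn, "big") <= self._sqn:
            raise ValueError("replayed challenge")
        self._sqn = int.from_bytes(sqn, "big")
        return f(self._k, b"RES", rand)[:8], f(self._k, b"CK", rand)

def attach(server, uicc):
    """Terminal role: relay challenge and response; return the shared traffic key."""
    rand, autn = server.challenge(uicc.imsi)
    res, ck_card = uicc.authenticate(rand, autn)
    ck_net = server.verify(uicc.imsi, res)
    if ck_net is None or not hmac.compare_digest(ck_net, ck_card):
        raise ValueError("subscriber authentication failed")
    return ck_card
```

Because both directions depend on K, a card rejects a network that does not hold its key, and a card without the right K cannot produce the expected response.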
Accordingly, since the existing UICC can be attached to and detached from the terminal, the existing UICC should be replaced with a new UICC when the user changes network operators, which inconveniences the user. Meanwhile, in terms of the form factor, which defines the physical shape, the size of the UICC has become smaller, from the most widely used mini-SIM to the micro-SIM and the recently used nano-SIM. Although this greatly contributes to the compactness of a mobile communication terminal, it is expected that a UICC smaller in size than the recently established nano-SIM will be difficult to standardize because a user is likely to lose it. In addition, since the terminal requires a space for mounting a detachable slot due to a characteristic of the detachable UICC, further compactness is expected to be difficult. In order to solve the problem, research is in progress on an embedded UICC (eUICC) in which a profile for providing a communication service can be remotely installed without replacing the UICC even when the mobile network operator changes. The eUICC provides the same network access authentication function as the existing attachable and detachable UICC, but there are many open issues, such as eUICC opening, circulation, and subscriber information security, and plans for addressing these issues are needed. To this end, international standardization institutions such as the European Telecommunications Standards Institute (ETSI) are proceeding with the standardization of the eUICC together with relevant companies such as mobile network operators, terminal manufacturers, SIM vendors, and the like. In the ETSI, a Working Group (WG) for establishing the eUICC standard is working, and the ETSI defines a module such as the profile for post personalization of an application for the network access authentication function of the mobile network operator in the eUICC and determines requirements for remotely installing and managing the profile.
Further, a management policy and an application scheme of the profile have been discussed, but a detailed method has not yet been defined. As described above, since detailed matters about the management of the profile of the eUICC have not been defined, an eUICC manufacturer, a terminal manufacturer, and an eco-system operator have difficulty in developing and commercializing the eUICC.
The eUICC may be implemented as a pre-installed UICC by being fixed within the terminal, for example, in a chip type during a process of manufacturing the terminal. Accordingly, the eUICC may be used for various terminals which can have a structure in which physical attachment and detachment of the UICC is not easy such as a Machine to Machine (M2M) (or Device to Device (D2D)) terminal as well as a general wireless terminal such as a mobile phone.
By using the eUICC, the terminal may download the profile including a mobile network operator-specific subscriber identifier and an encryption key (K) from a remote server and install the profile in the eUICC. Accordingly, the user may receive a wireless communication service through a changed Mobile Network Operator (MNO) without installing a new UICC in the terminal even though the MNO is changed. The profile may include the subscriber identifier and the encryption key (K), and also include various pieces of information for a communication service provided by the corresponding MNO. That is, when the profile is remotely downloaded and installed in the eUICC from a network of the MNO, the subscriber identifier and the encryption key (K) are also stored in the eUICC.
Meanwhile, when the subscriber identifier and the encryption key are leaked in the process of remotely installing the profile in the eUICC, the security of data and voice communication of the corresponding terminal is significantly threatened. Accordingly, in the process of remotely transferring the profile to the eUICC, a more rigorous encryption process is required.
As described above, in order to remotely install the profile including the subscriber identifier and the encryption key in the eUICC within the terminal, the terminal having the eUICC installed therein should already be in a communicable state. To this end, the subscriber identifier and the encryption key (K) (or a provisioning profile) only for the remote installation of the profile may be installed in the eUICC in advance. In this case, only when the corresponding subscriber identifier and the encryption key (K) are stored in a wireless communication network using the provisioning profile installed in the terminal in advance, the terminal having the remotely installed profile therein may be recognized as a legitimate subscriber terminal. Accordingly, when the eUICC is used, a communication service usage fee for the installation of the provisioning profile may be included in the manufacturing costs. However, such a communication service is limited only to a communication service for the profile installation, so that the communication service usage fee may be relatively cheaper than a general communication service usage fee.