This invention relates to trusted execution environments (TEE) and universal integrated circuit cards (UICC). ETSI technical specification (TS) 103 383 provides requirements of the embedded UICC (eUICC). The purpose of this standard is to allow remote provisioning and management of operator “profiles” being the technical term for the programs and data which defines the subscription on a UICC having some subscriber identity module (SIM) applications. This is to enable an eUICC to be soldered to a device and never to be removed.
Use cases for UICC comprise “late binding” and “operator change” in machine-to-machine services. The former refers to the ability to define the mobile network operator (MNO) and subscription after the machine hosting the UICC has been deployed, i.e. after a SIM card has been inserted into a device. The latter refers to be able to change subscription for connectivity of the machine from one MNO to another, again without changing the SIM card.
A profile is defined to be a combination of a file structure, data and applications corresponding to the content of a current UICC. The eUICC architecture is built around the installation and management of profiles on the eUICC, which is functionally separated into two roles being the subscription manager data preparation (SM-DP) role, defining the profile and provisioning it to the eUICC, and the subscription manager secure routing (SM-SR) role, creating and deleting secure containers for the profile or SM-DP, and enabling and disabling profiles.
The SM-SR and SM-DP roles are assumed by actors in an eUICC ecosystem.
The eUICC addresses connectivity for machine-to-machine (M2M) services. In this context it is also beneficial that an M2M application can be hosted on the eUICC for performing a similar security service.
The eUICC is required to be able handle multiple profiles, i.e. subscriptions for cellular connectivity, and allow a controlled change from one profile to another. It is previously known that a logical eUICC architecture can have multiple instances of UICCs, each represented by a profile, and procedures for installing new profiles and enabling/disabling profiles. In such an architecture non-MNO applications, such as an M2M application, would be handled within a profile and thus a change of MNO/profile would disable the M2M application and require it to be re-installed and enabled in the new profile.
For this purpose, to allow change of profiles without affecting certain applications on the eUICC, we would like to allow applications to be installed on the eUICC but outside profiles.
There is hence a need for an improved architecture that enables installation of applications outside profiles.