A universal integrated circuit card (UICC), which is a smart card inserted into a mobile communication terminal, stores personal information such as network attachment authentication information, a phone book and SMS of a mobile communication subscriber, and performs subscriber authentication and traffic security key generation for the utilization of secure mobile communication upon attachment to a mobile communication network such as GSM, WCDMA, and LTE. The UICC is equipped with communication applications such as a subscriber identification module (SIM), a universal SIM (USIM), and an IP multimedia SIM (ISIM), depending on the type of a mobile communication network to which a subscriber accesses, and provides a high-level security function for mounting various applications such as electronic wallet, ticketing, electronic passport, and the like.
A conventional UICC is manufactured as a dedicated card for a specific mobile communication operator upon request, and is equipped in advance with authentication information (e.g., USIM application and subscriber identification ID (IMSI), an encryption key (K) value) for attachment to an operator's network. The manufactured UICC card is supplied to subscribers by a mobile communication operator, which may then, if necessary, perform management such as installation, modification, and deletion of applications in the UICC using techniques such as over the air (OTA). A subscriber may use a network and application services of a relevant mobile communication operator by inserting a UICC card into his or her mobile communication terminal. When exchanging a terminal for a new one, a subscriber may use, as they are, authentication information, mobile communication telephone numbers, a personal telephone directory, etc. stored in a UICC card by inserting the UICC card of the existing terminal into the new terminal.
Meanwhile, a UICC card maintains international compatibility by defining its physical shape and logical function in a standardization organization called European Telecommunications Standards Institute (ETSI). A form factor that defines a physical shape is getting smaller and smaller from the most widely used Mini SIM to Micro SIM that began to be used a few years ago, and recently to Nano SIM. This tendency greatly contributes to the miniaturization of a mobile communication terminal, but it is expected that a UICC card smaller in size than the recently established Nano SIM will not be standardized because of an increasing possibility of loss. Also, because a detachable UICC card requires a space for mounting an insertion slot in a terminal, it is expected that further miniaturization will be difficult.
In addition, a detachable UICC card is not suitable for machine-to-machine (M2M) devices that require attachment to a mobile communication data network without direct manipulation of a person in various installation environments such as intelligent home appliances, electricity/water meters, and CCTV cameras.
In order to solve such a problem, a method for replacing a conventional detachable UICC may be considered by embedding a security module for performing a function similar to UICC in a mobile communication terminal at the manufacture of the terminal. Such a security module may be installed in a terminal when the terminal is manufactured, and may be mounted so as not to be removable in a certain terminal. Therefore, it may be difficult for a terminal to previously equip network attachment authentication information, such as IMSI and K of USIM, for a specific mobile communication operator at the manufacture of the terminal unless the terminal is manufactured as a dedicated card for a specific mobile communication operator. Setting of this authentication information is possible only after a user who purchases the terminal joins a specific mobile communication operator.
Unlike a conventional UICC card which is manufactured and distributed for a specific mobile communication operator, a UICC including an eUICC which is a newly introduced terminal-embedded security module requires a solution of securely and flexibly installing and managing authentication information of various mobile communication operators when a user purchasing a terminal performs subscription to or unsubscription from a specific mobile communication operator or change of subscription to another operator.