A UICC (Universal Integrated Circuit Card) is a smart card being inserted into a mobile communication terminal and stores personal information such as network connection authentication information, telephone numbers, and SMS of a mobile communication subscriber. The UICC enables safe use of mobile communication by performing subscriber authentication and generating a traffic security key when connected to a mobile communication network such as a GSM, WCDMA, and LTE.
Communication applications such as a SIM, USIM, and ISIM are launched into the UICC according to the type of the mobile communication network connected by a subscriber. Further, the UICC provides an upper level security function for launching various applications such as an electronic wallet, ticketing, and electronic passport.
Conventional UICCs are manufactured as a dedicated card for a specific mobile communication provider according to a request from the mobile communication provider. Accordingly, the UICC is released by pre-installing authentication information for connecting to a network of a corresponding provider (for example, IMSI and K value of a USIM application). The manufactured UICC is delivered to a corresponding mobile communication provider and provided for a subscriber, and if necessary, management of installing, modifying, and deleting an application in the UICC can be performed by using a technology such as an OTA (Over The Air). The subscriber can use network and application services of the corresponding mobile communication provider by inserting the UICC into a mobile communication terminal owned by the subscriber, and if the terminal is replaced by a new one, the subscriber can use the existing authentication information, telephone numbers for mobile communication, and personal telephone book by inserting the UICC into the new terminal.
Physical specifications and logical functions of the UICC are defined by a standardization organization of ETSI (European Telecommunications Standards Institute) which provides international compatibility. In the view of physical specification, a form factor of the UICC has been gradually decreased from a Mini SIM used most widely, to a Micro SIM used from several years ago, and further to a Nano SIM released recently. This contributes much to miniaturization of the mobile communication terminal.
Recently, a UICC smaller than the Nano SIM has been established, however it may be difficult to be standardized because a loss of UICC is concerned. It may be difficult to miniaturize the UICC further more because a space for installing a slot is required for a terminal when considering characteristics of a detachable UICC.
Further, the conventional UICC is not suitable for M2M (Machine-to-Machine) equipment which performs a connection to a mobile communication data network without a direct operation of a person in various installation environment of an intelligent home appliance, electric/water meter, and CCTV camera.
In order to solve such a problem, replacement of the conventional UICC is required, and a security module having a similar function to that of the UICC is integrated into a mobile communication terminal in a production process.
The internal security module developed according to such a requirement is a security module installed in a terminal, however it cannot launch network connection authentication information of a specific mobile communication provider such as an IMSI and a K value of a USIM while manufacturing the terminal. Accordingly, the authentication information of the terminal internal security module can be set by a user after buying a terminal launched with a corresponding internal security module and becoming a subscriber of a specific mobile communication provider.
In a network supporting a newly developed terminal having an internal security module, if the terminal connects to a certain mobile communication network by provisioning a profile, a profile providing server encrypts the profile by using a session key generated by mutual authentication with the terminal in real time and transmits the encrypted profile to the terminal. A hardware security module installed in a profile providing server for encrypting a profile may be suitable for encrypting a small number of profiles in real time, however, if a large number of terminals is to receive profiles for the terminal having an internal security module, it may be impossible to provide the profiles because all the profiles must be encrypted at the same time. Accordingly, technical difficulties can be generated when provisioning profiles for a large number of terminals having an internal security module.
Further, there is a problem that correct profiles cannot be provided for some terminals if an external network state of connecting the large number of terminals having an internal security module to a SM-DP (Subscription Manager Data Preparation) server is poor.
Accordingly, an improved method is required so that a profile for a terminal having an internal security module can be provisioned without synchronization with an external network and profiles for a large number of terminals can be encrypted and stored in advance.