In computer or radio networks, such as cellular networks, techniques for configuring and provisioning new subscribers are well known. For example, a Universal Integrated Circuit Card (UICC), such as a SIM card for a cellular network, is provided for each subscriber and these are typically personalized individually with unique keys and identifiers at a secure personalisation centre (which may be operated by a SIM vendor).
The SIM cards are then distributed from that centre either to operator warehouses, or directly to a modem or whole device manufacturer (OEM) for integration as a component part. The latter option is increasingly the case for devices configured for Machine to Machine (M2M) or Machine Type Communication (MTC) operation. The OEM then personalizes the rest of the device, for example with a flash image, unique device ID, MAC address and possibly other keys.
This approach has several problems: each unique personalization step adds cost; there is a “detour” from the original chip maker via the (SIM) personalization centre before the UICC is shipped to the OEM; and the UICC is constrained in terms of form factor (for instance, it may be required to be a dedicated “chip” with its own packaging, defined contacts and size). This last point can create issues in terms of the size of M2M equipment and the durability of the UICC in a long-lived device or in a difficult environment (the card may be shaken loose, or contacts may overheat, freeze, become too moist or similar). While specially packaged UICCs exist (machine form factor), these are more expensive than conventional UICC or SIM card form factors, and so are difficult to apply to low cost devices.
Assuming that the overall device cost is reduced significantly, which may be true for low cost M2M devices, the UICC or SIM card may become a disproportionate share of the total device cost.
Recent approaches towards an embedded SIM (eUICC) have resulted in standardization efforts in the GSM Association (GSMA) and the European Telecommunications Standards Institute (ETSI). These may allow an operator subscription to be updated remotely on the UICC. However, such approaches still require unique initial secrets to be loaded to each UICC and, as a result, do not avoid the need for a smart card personalization centre. Moreover, the UICC needs to be loaded with an initial International Mobile Subscriber Identity (IMSI), subscriber key (Ki) and profile (a so-called “provisioning subscription”) in order to connect to a mobile network and download a permanent subscription. These provisioning subscription credentials must themselves be created and provisioned securely, to prevent fraud or other abuse of the provisioning subscription. Again, cost is an issue. The eUICC solution is more expensive than a conventional SIM card.
A further solution has been proposed, which would allow the SIM card to be placed inside another chip package (the baseband processor). However, this solution may not meet operator security requirements, as the operator credentials would need to be provisioned to the SIM card at an insecure location (the OEM production line).
Further developments within the Third Generation Partnership Project (3GPP) standardisation body consider an alternative network architecture, in which a special, preliminary IMSI (PIMSI) is assigned to a new subscriber prior to initial access to the network and provisioning. The PIMSI is installed by the equipment supplier and is not associated with any specific home network operator. This is discussed in 3GPP Technical Report (TR) 33.812 v.0.2.1, for example. As with other solutions, this requires the initial subscription to be secure and the PIMSI must be allocated with a specific cryptographic key to allow this. Moreover, the access network needs to be aware of the PIMSI status, so that provisioning can take place. This adds complexity to the network architecture and functionality, especially in parts of the network that are outside the control of the network operator.
Therefore, an approach for provisioning a new subscriber that overcomes these problems is required.