The expected deployment of embedded universal integrated circuit cards (eUICCs), also known as embedded subscriber identity modules (eSIMs), for all types of mobile telecommunications terminal giving access to telephone networks (in particular mobile telephones, smartphones, tablets), implies various changes to the way in which users manage their subscriptions to services provided by telephone operators.
At present, when a user of a mobile telecommunications terminal selects a subscription to a service provided by a telephone operator, the user purchases a traditional SIM card and then inserts the traditional SIM card in the mobile telecommunications terminal in order to benefit from the service. When the user decides to change telephone operator, the old SIM card is removed and destroyed or discarded, and the user obtains a new SIM card.
In contrast, when a user of a mobile telecommunications terminal having an eSIM card selects a subscription to a service provided by a telephone operator, the user loads a subscription profile associated with the telephone operator, and then activates the subscription profile. When the user decides to change telephone operator, the user deactivates the active subscription profile and may delete it, and then loads and activates a new subscription profile. These operations are performed via a user interface of the mobile telecommunications terminal.
Thus, by means of the eSIM card, a user can load a plurality of subscription profiles for a plurality of different telephone operators, can choose which one of the loaded subscription profiles to activate, and can exchange the currently active subscription profile for another one of the subscription profiles loaded in the eSIM card.
The use of eSIM cards presents a certain number of risks associated with the execution of malware applications in the mobile telecommunications terminal.
Thus, certain malware applications seek to exchange the active subscription profile for a new subscription profile, unbeknownst to the user.
Among the risks for the user of this type of malware application, there is in particular a risk of a large increase in subscription charges, in the event of the new subscription profile being associated with a much higher rate, and there is also a risk of service being denied. In the latter case, service is denied by the malware application executing an infinite loop of subscription profile exchanges.
Among the risks for a telephone operator of this type of malware application, there is in particular a risk of “disintermediation”, in the event of a malware application being capable, in real time, of taking the place of the user and selecting the subscription profile having the lowest cost from among the available subscription profiles. This leads to risks associated with problems of liability and of brand image, and also naturally leads to risks associated with losing clients and revenue.