1. Technical Field
Example embodiments of the present invention relate to building an environment that uses an eUICC, and more specifically, to a method and device for building a security-based environment that uses an eUICC.
2. Related Art
A universal integrated circuit card (UICC) is a smart card that is inserted into a terminal and used as a module for user authentication. The UICC may store a user's personal information and carrier information about a mobile carrier to which the user subscribes. For example, the UICC may include an international mobile subscriber identity (IMSI) to identify the user.
The UICC is called a subscriber identity module (SIM) card in the global system for mobile communications (GSM) method, and a universal subscriber identity module (USIM) card in the wideband code division multiple access (WCDMA) method.
When the user installs the UICC in the user's terminal, user authentication is automatically performed using information stored in the UICC so that the user may conveniently use the terminal. When the user replaces the terminal, the user may detach the UICC from the old terminal and reinstall it in a new terminal, to easily replace the terminal.
Meanwhile, it is difficult to downsize a terminal which requires a compact size, for example, a terminal for machine-to-machine (M2M) communication, when the terminal is manufactured to have a detachable UICC. Therefore, an embedded UICC (eUICC) structure that is a non-detachable UICC has been proposed.
Since an existing UICC is detachable from the terminal, the user may activate the terminal regardless of the type of the terminal or the mobile carrier. However, a UICC that is embedded when a terminal is manufactured may include an international mobile subscriber identity (IMSI) when it is assumed that the UICC is used for only a specific mobile carrier. For operations such as ordering, activating, and terminating the terminal, the eUICC needs to obtain information on the user of the corresponding UICC (for example, an IMSI), for example by downloading it.
That is, unlike the existing detachable UICC, an eUICC that is integrally installed in the terminal is already in the terminal when the terminal is manufactured and released. Because of this non-detachable physical structure, the following must be downloaded from an external location and installed in the eUICC: a network operator authentication key (K), a UICC data file (a network access file, an international mobile subscriber identity (IMSI), a home public land mobile network (HPLMN), etc.), a user information file (for example, a short message service (SMS) file, a phonebook, etc.), an applet, and so on.
This process must support the functions provided by conventional UICC technology and provide a level of security equal to or higher than that of the conventional UICC.
In an environment that uses conventional UICC (SIM) technology, the UICC is manufactured by a UICC manufacturer through an order from a mobile network operator (MNO). In this case, the MNO and the UICC authenticate by sharing predefined unique information (for example, an IMSI, K, or OTA Key), securely transmit and receive data based on the authentication information, and perform an operation through a permission check based on the authentication information.
However, in an environment that uses the eUICC, in general, the MNO and the eUICC may not share any data in advance. Moreover, in the environment that uses the eUICC, the function of the existing MNO is subdivided into several functions and managed remotely. That is, for each request from a subdivided component (for example, user information file download or applet download), the component must be authenticated (identified), data must be securely transmitted to or received from the component, permission for the component must be checked, and the corresponding operation must be performed.