The invention relates to a method for loading a subscription into an embedded security element of a system configured on a chip of a mobile end device, wherein the system comprises an application processor, a non-volatile memory and a secure processor, wherein the application processor and the secure processor can access the non-volatile memory via a bus. The subscription is loaded by a provisioning service into the non-volatile memory, so that the secure processor can load the subscription from the memory and execute it.
A UICC (Universal Integrated Chip Card) is a chip card having a chip-card operating system optimized for chip-card applications in telecommunications. The UICC is the basis for the so-called USIM (Universal Subscriber Identity Modul). The USIM is the carrier of the identity of a mobile communication subscriber and as the main task has the ensuring of the authenticity of a mobile end device, e.g. of a mobile telephone, vis-à-vis a mobile communication network (in short: network) and vice versa. Additional objects are a tamper-resistant execution of programs, a user identification by means of a code, the so-called PIN (Personal Identification Number), as well as the storing of data, such as for example phone numbers. In the past, the UICC was usually designed as a plug-in card, which was inserted into a corresponding reader unit of the mobile end device.
In the future it is envisaged to provide the UICC in integrated (iUICC) or embedded (eUICC) form. These components, also designated as security element, are provided in integrated or embedded form of a system configured on a chip (known as system-on-a-chip) of the mobile end device. To be able to take over the above-described functions and tasks, it is necessary to provide an image of the iUICC or iUICC in a memory of the system of the mobile end device. A Load Provisioning Agent (LPA) executed in the application processor is utilized for loading the image of the iUICC or eUICC into the non-volatile memory. The memory area in which the image is deposited can be deleted relatively simply by a malware, whereby a Denial of Service (DoS) attack is enabled.